cybershujin/Threat-Actors-use-of-Artifical-Intelligence
GitHub: cybershujin/Threat-Actors-use-of-Artifical-Intelligence
一个追踪和分类网络威胁行为者实际使用AI与大语言模型发起攻击的知识库项目,收录已确认案例并尝试将其映射到MITRE ATT&CK框架。
Stars: 311 | Forks: 32
**Adversary use of Artifical Intelligence and LLMs and Classification of TTPs**
This Github is an attempt to organize known use of artificial intelligence by cyber threat actors and to map and track those techniques. In this scenario, we are focusing on cyber threat attacks that are being facilitated in some way by threat actors using artificial intelligence. This does not include political influence campaigns or mis/dis/mal information campaigns. It does include some fraud related cases, but I attempt to keep the focus on fraud activities that we would see in traditional campaigns but enhanced with AI.
It is worth specifically stating that in many cases defenders cannot confirm whether a threat actor used AI unless: (a) the reporting organization is looking at the use of their own AI tools such as Microsoft and OpenAI's reporting, Anthropic, etc or (b) the actor decides to use AI tools available on the already-compromised endpoint. For this reason many reports on attacks or campaigns using AI are, when you read carefully, actually done by researchers. For this reason, I am remaining focused in this project *only* on what confirmed reports we have on threat actor's actual use.
Through this research it also became clear to me that there is not always an easy 1:1 mapping of the MITRE ATT&CK TTPs to this activity, and some are also not in the MITRE ATLAS project either (which focuses more on attacks on LLMs). For this reason, this project also attempts to build off of MITRE, Microsoft and OpenAI's classification of LLM TTPs, to provide better means of describing this activity. [See Appendix A for this list](https://github.com/cybershujin/Threat-Actors-use-of-Artifical-Intelligence#appendix-a-llm-themed-ttps)
There have still been relatively few individuals on criminal forums (Breachedforums[.]vc, Exploit[.]in or XSS) and telegrams actively discussing generative AI use for the purposes of cyber attacks. Some users have marketed alleged generative AI tools used for malicious purposes. See [Dark LLMs and Blackhat GPTs](https://github.com/cybershujin/Threat-Actors-use-of-Artifical-Intelligence/blob/main/Dark%20LLMs%20and%20Malicious%20AIs.MD). It is worth considering that that more technically capable and sophisticated actors are more likely to harness these types of tools. That said, there are only a small set of examples of alleged LLM outputs from these, and no posts provided evidence that LLM output was successfully used for an attack. [Update Aug 30, 2025] In more recent [reporting by Talos](https://blog.talosintelligence.com/cybercriminal-abuse-of-large-language-models/) supports the conclusions I reached in research a year ago, that the vast majority of these are fraud/scams. From Talos: "...At this point it was clear that CanadianKingpin12 had no working product, and they were scamming potential FraudGPT customers out of their cryptocurrency"
There has been secondary effect studies such as the significant increase observed in phishing since ChatGPT became widely available, reported as 1,265% increase between November 2022 to Jan 2023 by [SlashNext](https://www.prnewswire.com/news-releases/slashnexts-2023-state-of-phishing-report-reveals-a-1-265-increase-in-phishing-emails-since-the-launch-of-chatgpt-in-november-2022--signaling-a-new-era-of-cybercrime-fueled-by-generative-ai-301971557.html). However, Slashnext and many other reports authored in this area are from vendors offering solutions in these security spaces and thus should be examined accordingly for bias.
[Update May/14/2024] I wanted to call out some excellent reporting by [Trend Micro](https://www.trendmicro.com/vinfo/gb/security/news/cybercrime-and-digital-threats/back-to-the-hype-an-update-on-how-cybercriminals-are-using-genai) which covers a lot of the concepts things in both of my pages, though less indepth. Their findings are:
- Adoption rates of AI technologies among criminals lag behind the rates of their industry counterparts because of the evolving nature of cybercrime. - Compared to last year, criminals seem to have abandoned any attempt at training real criminal large language models (LLMs). Instead, they are jailbreaking existing ones. - We are finally seeing the emergence of actual criminal deepfake services, with some bypassing user verification used in financial services.
[Update May/15/2024] [Verizon DBIR report for 2024](https://github.com/cybershujin/Threat-Actors-use-of-Artifical-Intelligence/blob/main/2024-dbir-data-breach-investigations-report.pdf) has a small, but well analyzed section about threat actor interest in AI:
- Text analysis of criminal forums regarding AI alongside terms such as malware, phishing and vulnerability shows very little interest, and in fact most posts are about selling account access - Phishing, malware and ransomware effectiveness analysis indicates there is not a pressing need for AI to be sucessful as a malicious actor - The one large advancement that appears to be leveraged by threat actors is the use of deep fake technology Generally speaking, most popular and widely accessible AIs and LLMs have significant safeguards so they are designed not to add or enable malicious or criminal activities. However, this requires "jailbreaking" or otherwise "attacking" the AI/LLM itself which is not covered here, but is on my [other repo](https://github.com/cybershujin/AI-and-ML-for-Cybersecurity). [Update Aug/30/2025] !WATERSHED REPORTING! Recent and significant reporting from Anthropic, OpenAI and other sources have added to the observed activity and certainly represent a marked increase in use and application of AI for cyber threat actors, and represent a significant increase in uplift enjoyed by threat actors. In prior reporting, the uplift for low skilled threat actors using GenAI was primarily in social engineering. While social engineering (victim profiling, phishing, chatbots and deepfakes) remains BY FAR the largest volume of cyber threat activity using GenAI, reporting now provides evidence that low skilled actors are now using it "to conduct complex operations, like eveloping ransomware, that would previously have required years of training." [Anthropic](https://www-cdn.anthropic.com/b2a76c6f6992465c09a6f2fce282f6c0cea8c200.pdf?) This appears to be the first confirmed instance of AI being used to develop ransomware which there is evidence was sucessful in deployment and the subsequent extorsion demand. [GTG-200](https://www-cdn.anthropic.com/b2a76c6f6992465c09a6f2fce282f6c0cea8c200.pdf?) While we are seeing an increase in reporting of cyber threat actor using LLMs to [generate ransomware](https://bsky.app/profile/esetresearch.bsky.social/post/3lxctuaf4222t) and other [malware](https://www-cdn.anthropic.com/b2a76c6f6992465c09a6f2fce282f6c0cea8c200.pdf), in part or in whole - it is notable that all analysis of the sophistication of this code is that it is not a highly sophisticated, novel or (a claim I hear all too often) highly-polymorphic with features more likely to evade detection. **Scope** This is not for: • Threat actors attacking AI / ML / LLMs • Researchers attacking or finding exploits or possible uses AI by threat actors • Mis/dis/mal information campaigns using Deepfake technology • Threats to AI users, or AI researchers For those items, some of it is in my other repo here [AI and ML for Cybersecurity](https://github.com/cybershujin/AI-and-ML-for-Cybersecurity) along with some tools for cybersecurity professionals. Notes: **UnSub or Multiple UnSub - (sourcename)** used to refer to unnamed subjects, or multiple unnamed subjects mentioned in reports These these are taken from reports listed on the [Sources page](https://github.com/cybershujin/Threat-Actors-Use-of-Artifical-Intelligence/blob/main/Sources.md) but the TTP mapping is an effort by me to map to the closest possible MITRE ATT&CK technique used. If you find an entry and believe a better TTP mapping is available, please contact me and/or comment. | Name | AKAs | Brief | TTP | Link | | -------------- | -------------- | -------------------------------------------------------------------------------------------------------------- | ------------------------------------------------- | --------------------------- | | FunkSec | unknown | "The individuals behind FunkSec appear to have extensively leveraged AI to enhance their capabilities, as evidenced by their publications and tools. Their public script offerings include extensive code comments with perfect English (as opposed to very basic English in other mediums), likely generated by an LLM agent. Similar patterns are visible in the Rust source code linked to the group’s ransomware, suggesting it may have been developed with AI assistance.
In some of their published messages, the group specifically linked the development of their ransomware to AI-assisted agents, likely providing it with the source code for the ransomware and simply shared the output on their site.
The use of such tools aligns closely with the group’s public claims, as they also released an AI chatbot based on Miniapps to support their operations" | **LLM-enhanced scripting techniques** T1588 - Develop Capabilities: Tool
| [CheckPoint Research](https://research.checkpoint.com/2025/funksec-alleged-top-ransomware-group-powered-by-ai/) | | Salt Typhoon | GhostEmperor, FamousSparrow, Earth Estries, UNC2286 | WSJ- "The group used sophisticated methods to infiltrate American telecom infrastructure through vulnerabilities including Cisco Systems routers, and investigators suspect the hackers relied on artificial intelligence or machine learning to further their espionage operations , people familiar with the matter said."
InfoSec Magazine - "Salt Typhoon’s methods included advanced use of artificial intelligence to enhance their access and intelligence-gathering efforts." | Unknown TTPs | [T-Mobile Hacked in Massive Chinese Breach of Telecom Networks - Wall Street Journal](https://www.wsj.com/politics/national-security/t-mobile-hacked-in-massive-chinese-breach-of-telecom-networks-4b2d7f92) and [Archive -no paywall](http://archive.today/Uidlf)
[InfoSecurity Magazine](https://www.infosecurity-magazine.com/news/tmobile-breached-chinese/) | | Multiple Unsub - Symantic | Unknown | Recent malware campaigns observed by Symantec involved phishing emails containing code used to download various payloads, including Rhadamanthys, NetSupport, CleanUpLoader (Broomstick, Oyster), ModiLoader (DBatLoader), LokiBot, and Dunihi (H-Worm). Analysis of the scripts used to deliver malware in these attacks suggests they were generated using LLMs. [Symantec](https://symantec-enterprise-blogs.security.com/threat-intelligence/malware-ai-llm) | **LLM-enhanced scripting techniques** T1588 - Develop Capabilities: Tool
**LLM-supported social engineering** T1566 - Phishing
**LLM-enhanced scripting techniques:** Execution through Windows Management Instrumentation (WMI) or PowerShell (T1059) | Coming Soon | | Bitter APT | APT-C-08, Aramanberry | the group used the online IDE platform Replit to build phishing websites [Source](https://mp.weixin.qq.com/s/wR7IgBmEuqqGQ9SCAV39Uw) | TA1588.007 - Artifical Intelligence
**LLM-supported social engineering** T1566 - Phishing |ComingSoon | | Multiple Unsub - Trend Micro |unknown akas | Criminals are using generative AI capabilities for two purposes: To support the development of malware or malicious tools...To improve their social engineering tricks. [Trend Micro](https://www.trendmicro.com/vinfo/gb/security/news/cybercrime-and-digital-threats/back-to-the-hype-an-update-on-how-cybercriminals-are-using-genai) | **LLM-enhanced scripting techniques** T1588 - Develop Capabilities: Tool
**LLM-supported social engineering** T1566 - Phishing
**LLM-enhanced scripting techniques:** Execution through Windows Management Instrumentation (WMI) or PowerShell (T1059)
**DeepFake for Impersonation (Fraud):** Where generative AI is used to make audio, video or photographic media used to impersonate individuals | [Trend Micro](https://www.trendmicro.com/vinfo/gb/security/news/cybercrime-and-digital-threats/back-to-the-hype-an-update-on-how-cybercriminals-are-using-genai) | |TA547 | Scully Spider | Proofpoint identified TA547 targeting German organizations with an email campaign delivering Rhadamanthys malware. This is the first time researchers observed TA547 use Rhadamanthys, an information stealer that is used by multiple cybercriminal threat actors. Additionally, the actor appeared to use a PowerShell script that researchers suspect was generated by large language model (LLM) such as ChatGPT, Gemini, CoPilot, etc. [Source](https://www.proofpoint.com/us/blog/threat-insight/security-brief-ta547-targets-german-organizations-rhadamanthys-stealer) | **LLM-enhanced scripting techniques:** Execution through Windows Management Instrumentation (WMI) or PowerShell (T1059) | ComingSoon | | Fancy Bear | Forest Blizzard, APT28, Strontium | APT28 is a Russian military intelligence actor linked to GRU Unit 26165, who has targeted victims of both tactical and strategic interest to the Russian government. Microsoft assesses that Forest Blizzard operations play a significant supporting role to Russia’s foreign policy and military objectives both in Ukraine and in the broader international community. Forest Blizzard’s use of LLMs has involved research into various satellite and radar technologies that may pertain to conventional military operations in Ukraine, as well as generic research aimed at supporting their cyber operations. [Microsoft](https://www.microsoft.com/en-us/security/blog/2024/02/14/staying-ahead-of-threat-actors-in-the-age-of-ai/)
[Update 2025-11] Deployed **PROMPTSTEAL** (CERT-UA tracks it as **LameHug**) against Ukraine in June 2025 — a Python data-miner that queries an LLM (Qwen2.5-Coder-32B-Instruct) via the Hugging Face API at runtime to generate the reconnaissance/collection commands it executes; GTIG describes it as its first observed case of malware querying an LLM in live operations. [GTIG](https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools), corroborated by CERT-UA | **LLM-informed reconnaissance** T1592 - Gather Victim Org Information
**LLM-enhanced scripting techniques** T1588 - Develop Capabilities: Tool
**LLM-embedded malware (runtime generation)** T1059 - Command and Scripting Interpreter | [APT28 aka Fancy Bear](https://github.com/cybershujin/Threat-Actors-Use-of-Artifical-Intelligence/blob/main/APT28.MD) | | APT43 | Lazarus, Emerald Sleet, Velvet Chollima, Kimsuky, TA406, Thallium | North Korean threat actor with recent operations relied on spear-phishing emails to compromise and gather intelligence from prominent individuals with expertise on North Korea. Microsoft observed Emerald Sleet impersonating reputable academic institutions and NGOs to lure victims into replying with expert insights and commentary about foreign policies related to North Korea. Emerald Sleet’s use of LLMs has been in support of this activity and involved research into think tanks and experts on North Korea, as well as the generation of content likely to be used in spear-phishing campaigns. Emerald Sleet also interacted with LLMs to understand publicly known vulnerabilities, to troubleshoot technical issues, and for assistance with using various web technologies. [Microsoft](https://www.microsoft.com/en-us/security/blog/2024/02/14/staying-ahead-of-threat-actors-in-the-age-of-ai/)
This account of the use of AI was also reported by Mandiant in their 23-00016993 and 24-00002657 reports. Mandiant's 2024 reporting also mentions APT43 purchasing WormGPT in August 2023. Reports from Feb 2024 APT43 was observed on forums discussing ChatGPT along a topic about (toughly translated) "North Korean nuclear solution"
In another report, Mandiant describes, "We identified indications of North Korean cyber espionage actor APT43 interest in LLMs, specifically Mandiant observed evidence suggesting the group has logged on to widely available LLM tools. The group may potentially leverage LLMs to enable their operations, however the intended purpose is unclear. " [Source](https://www.mandiant.com/resources/blog/threat-actors-generative-ai-limited)
[Update 2026-03] Microsoft (with OpenAI) observed Emerald Sleet using LLMs to research the publicly reported vulnerability CVE-2022-30190 (MSDT "Follina"). [Microsoft](https://www.microsoft.com/en-us/security/blog/2026/03/06/ai-as-tradecraft-how-threat-actors-operationalize-ai/) | **LLM-assisted vulnerability research** T1588.006 Obtain Capabilities: Vulnerabilities
**LLM-enhanced scripting techniques** T1588 - Develop Capabilities: Tool
**LLM-supported social engineering** T1566 - Phishing
**LLM-informed reconnaissance** T1592 - Gather Victim Org Information Based on Mandiants 24-00002657 report,
**DeepFake for Impersonation** (TTP unknown, not clear how actors used generated images from MaxAi[.]me and ZMO AI | link coming soon | | Imperial Kitten | Crimson Sandstorm, Yellowliderc, Tortoiseshell | Iranian threat actor assessed to be connected to the Islamic Revolutionary Guard Corps (IRGC). This actor has targeted multiple sectors, including defense, maritime shipping, transportation, healthcare, and technology. These operations have frequently relied on watering hole attacks and social engineering to deliver custom .NET malware. Prior research also identified custom Crimson Sandstorm malware using email-based command-and-control (C2) channels. The use of LLMs by Crimson Sandstorm has reflected the broader behaviors that the security community has observed from this threat actor. Interactions have involved requests for support around social engineering, assistance in troubleshooting errors, .NET development, and ways in which an attacker might evade detection when on a compromised machine. [Microsoft](https://www.microsoft.com/en-us/security/blog/2024/02/14/staying-ahead-of-threat-actors-in-the-age-of-ai/) | **LLM-supported social engineering** T1566 - Phishing
**LLM-enhanced scripting techniques** T1588 - Develop Capabilities: Tool
**LLM-enhanced anomaly detection evasion** T1562.001 - Impair Defenses: Disable or Modify Tools | link coming soon | | Aquatic Panda | Charcoal Typhoon, ControlX, RedHotel, Bronze University, Red Scully, Chromium | Chinese state-affiliated threat actor with a broad operational scope. Activities have predominantly focused on entities within Taiwan, Thailand, Mongolia, Malaysia, France, and Nepal, with observed interests extending to institutions and individuals globally who oppose China’s policies. In recent operations, this actor group has been observed interacting with LLMs in ways that suggest a limited exploration of how LLMs can augment their technical operations. This has consisted of using LLMs to support tooling development, scripting, understanding various commodity cybersecurity tools, and for generating content that could be used to social engineer targets. [Microsoft](https://www.microsoft.com/en-us/security/blog/2024/02/14/staying-ahead-of-threat-actors-in-the-age-of-ai/) | **LLM-informed reconnaissance** T1588.006 Obtain Capabilities: Vulnerabilities
**LLM-enhanced scripting techniques** T1587 - Develop Capabilities
**LLM-refined operational command techniques** TA0003 - Persistence and TA004 Privilege Escalation | [Aquatic Panda Reports](https://github.com/cybershujin/Threat-Actors-use-of-Artifical-Intelligence/tree/main/Aquatic%20Panda) | | Sodium | Salmon Typhoon, Samurai Panda, Maverick Panda, APT4 | Sophisticated Chinese state-affiliated threat actor with a history of targeting US defense contractors, government agencies, and entities within the cryptographic technology sector. This threat actor has demonstrated its capabilities through the deployment of malware, such as Win32/Wkysol, to maintain remote access to compromised systems. With over a decade of operations marked by intermittent periods of dormancy and resurgence. (Sodium's) interactions with LLMs throughout 2023 appear exploratory and suggest that this threat actor is evaluating the effectiveness of LLMs in sourcing information on potentially sensitive topics, high profile individuals, regional geopolitics, US influence, and internal affairs. This tentative engagement with LLMs could reflect both a broadening of their intelligence-gathering toolkit and an experimental phase in assessing the capabilities of emerging technologies. [Microsoft](https://www.microsoft.com/en-us/security/blog/2024/02/14/staying-ahead-of-threat-actors-in-the-age-of-ai/) | **LLM-informed reconnaissance** T1593 - Search Open Websites/Domains
**LLM-enhanced scripting techniques** T1587.001 - Develop Capabilities: Malware
**LLM-refined operational command techniques** T1564 - Hide Artifacts
**LLM-Aided technical translation and explanation** T1593 - Search Open Websites/Domains | link coming soon | | Unsub1 - Kaspersky | N/A | Using fake sites, they hosted “GPT chats” supposedly capable of diagnosing computer problems, making money and such. In fact, the site deployed no AI models, but only used the topic to stir interest with potential victims and make a bigger killing. One such page mimicking the Microsoft website warned visitors that their computer was infected with a Trojan. To avoid losing data, they were advised not to reboot or turn off the device until the issue was resolved. Two options were offered: call a hotline or chat with Lucy, an AI chatbot. In the second case, you had to choose a method of diagnosing the device, after which the bot said it was unable to solve the problem and recommended calling support. Naturally, professional scammers, not Microsoft engineers, were waiting at the other end of the line. *Analyst note: This sounds like [Bazacall](https://www.microsoft.com/en-us/security/blog/2021/07/29/bazacall-phony-call-centers-lead-to-exfiltration-and-ransomware/) like activity* [Source](https://securelist.com/spam-phishing-report-2023/112015/) | **Lookalike LLM** T1583 Acquire Infrastructure | N/A | | Unsub2 - Kaspersky | N/A | “Smart chatbots” were also used as “consultants” on making money online. On one site a bot pretending to be an Elon Musk design advertised investment services. After telling the new “client” that it could make them rich quickly, the robot asked about their education, income level, and investment experience. Regardless of the answers, the bot informed the client that it would do all the earning. Next, it demonstrated an amount it could offer and prompted the user to register simply by providing their contact details. Events then likely unfolded as in other similar schemes: The “AI” asked for a small fee in recognition of its intellectual abilities, and then simply vanished into the ether. [Source](https://securelist.com/spam-phishing-report-2023/112015/) | **Lookalike LLM** T1583 Acquire Infrastructure
**LLM-supported social engineering** T1566 - Phishing | N/A | | Multiple Unsub - JFrog | N/A | In an "investigation of a malicious machine-learning model...The model’s payload grants the attacker a shell on the compromised machine, enabling them to gain full control over victims’ machines through what is commonly referred to as a “backdoor”...It’s crucial to emphasize that when we refer to “malicious models”, we specifically denote those housing real, harmful payloads. Our analysis has pinpointed around 100 instances of such models to date... [Source](https://jfrog.com/blog/data-scientists-targeted-by-malicious-hugging-face-ml-models-with-silent-backdoor/) | **LL Models used for backdoor deployment** T1195.001 Supply Chain Compromise - Compromise Software Dependencies and Development Tools T1059 Command and Scripting Interpreter | N/A | | GXC Team
group leader: googleXcoder | | Resecurity has uncovered a cybercriminal group known as "**GXC Team**", which specializes in crafting tools for online banking theft, ecommerce fraud, and internet scams. Around November 11th, 2023, the group's leader, operating under the alias "**googleXcoder**", made multiple announcements on the Dark Web. These posts introduced a new tool that incorporates Artificial Intelligence (AI) for creating fraudulent invoices used for wire fraud and Business E-Mail Compromise (BEC) scams.
This tool employs proprietary algorithms to scrutinize compromised emails through POP3/IMAP4 protocols, identifying messages that either mention invoices or include attachments with payment details. Upon detection, the tool alters the banking information of the intended recipient (like the victim's supplier) to details specified by the perpetrator. The altered invoice is then either replaced in the original message or sent to a predetermined list of contacts. These methods are commonly employed in wire fraud and well-known bogus invoice scams. Often, accountants and staff in victimized companies do not thoroughly check invoices that appear familiar or nearly genuine, leading to unverified payments.
The tool's multi-language capability enables the automatic scanning of messages without any manual intervention, providing the actors with significant advantages.
The tool's interface includes options to configure simple mail transfer protocol (SMTP) settings for sending out emails with the fabricated invoices it generates. Moreover, the tool includes a feature that sends reports to a designated Telegram channel, serving as an alternative to traditional command-and-control (C2C) communication. This functionality also extends to providing details about the generated invoices. | **LLM-informed reconnaissance**
T1592 - Gather Victim Org Information
**LLM-enhanced scripting techniques**
T1588 - Develop Capabilities: Tool
**LLM-supported social engineering**
T1566 - Phishing
**LLM-directed Automated Collection**
T1114 Email Collection
**LLM-enhanced data manipulation**
T1565 Data Manipulation
T1657 Financial Theft
| [Resecurity](https://www.resecurity.com/blog/article/cybercriminals-implemented-artificial-intelligence-ai-for-invoice-fraud) | | Multiple UnSub - South China Post | | Four cyber attackers in China have been arrested for developing ransomware...The attack was first reported by an unidentified company in Hangzhou, capital of eastern Zhejiang province, which had its systems blocked by ransomware, according to a Thursday report by state-run Xinhua News Agency. The hackers demanded 20,000 Tether, a cryptocurrency stablecoin pegged one-to-one to the US dollar, to restore access....The police in late November arrested two suspects in Beijing and two others in Inner Mongolia, who admitted to “writing versions of ransomware, optimising the program with the help of ChatGPT, conducting vulnerability scans, gaining access through infiltration, implanting ransomware, and carrying out extortion”, the report said. | **LLM-aided development** T1587 - Develop Capabilities: Malware
| [South China Post](https://www.scmp.com/tech/tech-trends/article/3246612/chatgpt-aided-ransomware-china-results-four-arrests-ai-raises-cybersecurity-concerns)
recommend removepaywall.com for this site | | baller423/goober2 | potentially star23/baller13 or just ties between them | Recently, our scanning environment flagged a particularly intriguing PyTorch model uploaded by a new user named baller423—though since deleted. The repository, baller423/goober2, contained a PyTorch model file harboring an intriguing payload....This IP address range belonging to KREOnet, which stands for “Korea Research Environment Open NETwork,” may serve as potential evidence suggesting the involvement of researchers in attempting the exploit [Source](https://jfrog.com/blog/data-scientists-targeted-by-malicious-hugging-face-ml-models-with-silent-backdoor/) | **LL Models used for backdoor deployment** T1195.001 Supply Chain Compromise - Compromise Software Depedencies and Development Tools T1059.001 Command and Scripting Interpreter: Powershell | | | star23/baller13 | potentially baller423/goober2 or just ties between them | Shortly after the model was removed, we encountered further instances of the same payload with varying IP addresses. One such instance remains active: star23/baller13. It’s worth noting the similarity in the model name to the deleted user, suggesting potential ties between them. [Source](https://jfrog.com/blog/data-scientists-targeted-by-malicious-hugging-face-ml-models-with-silent-backdoor/) | **LL Models used for backdoor deployment** T1195.001 Supply Chain Compromise - Compromise Software Depedencies and Development Tools T1059.001 Command and Scripting Interpreter: Powershell | N/A | | Multiple Unsub - NCSC UK | N/A | Threat actors, including ransomware actors, are already using AI to increase the efficiency and effectiveness of aspects of cyber operations, such as reconnaissance, phishing and coding [Source](https://www.ncsc.gov.uk/report/impact-of-ai-on-cyber-threat) | **LLM-informed reconnaissance** T1593 - Search Open Websites/Domains
**LLM-supported social engineering** T1566 - Phishing
**LLM-aided development** T1587 - Develop Capabilities: Tool
**LLM-aided development** T1587 - Develop Capabilities: Malware
**LLM-enhanced scripting techniques** T1587 - Develop Capabilities | [Multiple Unsub - NCSC](https://github.com/cybershujin/Threat-Actors-Use-of-Artifical-Intelligence/tree/main/Multiple UnSub SlashNext) | | Multiple Unsub - SlashNext | N/A | Since Q4 of 2022 when ChatGPT became widely available, there has been a 1,265% increase in malicious phishing emails, with a 967% rise in credential phishing in particular. [Source](https://www.cnbc.com/2023/11/28/ai-like-chatgpt-is-creating-huge-increase-in-malicious-phishing-email.html) | **LLM-supported social engineering** T1566 - Phishing | [Multile Unsub - SlashNext](https://github.com/cybershujin/Threat-Actors-Use-of-Artifical-Intelligence/tree/main/Multiple UnSub SlashNext) | | Multiple Unsub North Korea - US National Security Advisor | N/A | On Oct. 18, 2023 U.S. Deputy National Security Advisor Anne Neuberger said that North Korea's use of artificial intelligence (AI) is enhancing the country's cyber capabilities, which puts enterprises around the globe at significant risk. Neuberger said, "We have observed some North Korean and other nation-state and criminal actors try to use AI models to help accelerate writing malicious software and finding systems to exploit." | **LLM-assisted vulnerability research** T1588.006 Obtain Capabilities: Vulnerabilities
**LLM-enhanced scripting techniques** T1588 - Develop Capabilities: Tool | | | Scattered Spider | UNC3944, Storm-0875 | In the second half of 2023, SCATTERED SPIDER used the Azure AD PowerShell module to download all Entra ID user immutable IDs at a North American financial services victim. Using its Entra ID backdoor, the adversary could log in as any of the downloaded users. The PowerShell used to download the users’ immutable IDs resembled large language model (LLM) outputs such as those from ChatGPT. In particular, the pattern of one comment, the actual command and then a new line for each command matches the Llama 2 70B model output. [Source](https://asantecloud.com/wp-content/uploads/2024/02/GlobalThreatReport2024_Asante.pdf) | **LLM-enhanced scripting techniques** T1588 - Develop Capabilities: Tool | Link Coming Soon | | Indrik Spider | Evil Corp | In February 2023, CrowdStrike Services responded to an INDRIK SPIDER incident involving BITWISE SPIDER’s LockBit RED ransomware. During this incident, INDRIK SPIDER exfiltrated credentials from cloud-based credential manager Azure Key Vault. Logs show that INDRIK SPIDER also visited ChatGPT while interacting with the Azure Portal. In addition to visiting ChatGPT while browsing the Azure Portal — presumably to understand how to navigate in Azure — browsing activity analysis indicates INDRIK SPIDER used search engines such as Google and Bing and searched on GitHub during the operations to understand how to exfiltrate Azure Key Vault credentials. Using search engines and visiting ChatGPT indicate that though INDRIK SPIDER is likely new to the cloud and not yet sophisticated in this domain, it is using generative AI to fill these knowledge gaps. [Source](https://asantecloud.com/wp-content/uploads/2024/02/GlobalThreatReport2024_Asante.pdf) | **LLM-informed reconnaissance** T1593 - Search Open Websites/Domains [Source](https://www.state.gov/digital-press-briefing-with-anne-neuberger-deputy-national-security-advisor-for-cyber-and-emerging-technologies/) | N/A | | UnSubs - Mandiant | N/A but described as "actors aligned with nation-states including Russia, the People's Republic of China (PRC), Iran, Ethiopia, Indonesia, Cuba, Argentina, Mexico, Ecuador, and El Salvador, along with non-state actors such as individuals on the 4chan forum." | Since 2019, Mandiant has identified numerous instances of information operations leveraging GANs, typically for use in profile photos of inauthentic personas, including by actors aligned with nation-states including Russia, the People's Republic of China (PRC), Iran, Ethiopia, Indonesia, Cuba, Argentina, Mexico, Ecuador, and El Salvador, along with non-state actors such as individuals on the 4chan forum. We judge that the publicly available nature of GAN-generated image tools such as the website thispersondoesnotexist.com has likely contributed to their frequent usage in information operations (Figure 2). Actors have also taken steps to obfuscate the AI-generated origin of their profile photos through tactics like adding filters or retouching facial features...Mandiant has noted evidence of financially motivated actors using manipulated video and voice content in business email compromise (BEC) scams, North Korean cyber espionage actors using manipulated images to defeat know your customer (KYC) requirements, and voice changing technology used in social engineering targeting Israeli soldiers. [Source](https://www.mandiant.com/resources/blog/threat-actors-generative-ai-limited) | **DeepFake for Impersonation** T1587 - Develop capabilities | N/A | | CanadianKingpin12 | | An investigation from researchers at cybersecurity company SlashNext, reveals that CanadianKingpin12 is actively training new chatbots using unrestricted data sets sourced from the dark web or basing them on sophisticated large language models developed for fighting cybercrime.
The researchers also learned that the advertiser also had access to another large language model named DarkBERT developed by South Korean researchers and trained on dark web data but to fight cybercrime.
This is not included in the analysis, but wanted to list this report for completeness. The reason this is not used in analysis is based on Dr.Chung, the Head of AI & the author of DarkBERT at S2W comment: *Since S2W adheres to the strict and ethical guidelines outlined by the ACL, access to DarkBERT is granted following careful evaluation and is exclusively approved for academic and public interest.* | N/A source not credible | | | GTG-1002 | Chinese state-sponsored (Anthropic designation); MITRE ATT&CK Campaign C0062 | Anthropic disrupted what it calls the first reported AI-orchestrated cyber-espionage campaign: the actor manipulated Claude Code (via a "defensive security firm" roleplay jailbreak and task decomposition) into running a largely autonomous intrusion against ~30 global targets (major tech, financial, chemical, government), succeeding in a small number. AI performed an estimated 80–90% of tactical work — reconnaissance, exploit research/writing, credential harvesting, lateral movement, and data triage/exfiltration — with only 4–6 human decision points per campaign. [Anthropic](https://www.anthropic.com/news/disrupting-AI-espionage) | **LLM-orchestrated operations** TA0002 - Execution (full kill-chain)
**LLM-informed reconnaissance** T1595 - Active Scanning
**LLM-assisted vulnerability research** T1588.006 - Obtain Capabilities: Vulnerabilities
**LLM-aided development** T1587 - Develop Capabilities
**LLM-directed Automated Collection** T1567 - Exfiltration Over Web Service | [Anthropic – Disrupting the first reported AI-orchestrated cyber espionage campaign](https://www.anthropic.com/news/disrupting-AI-espionage) | | GTG-2002 | "vibe hacking" data-extortion actor (Anthropic) | Used Claude Code as an active operational agent across at least 17 organizations (healthcare, emergency services, government, religious) in roughly a month: automated reconnaissance, credential harvesting, and network penetration, then analyzed exfiltrated data to size ransom demands ($75K–$500K+ in BTC) and generated per-victim custom HTML ransom notes. First confirmed AI-run extortion operation. [Anthropic](https://www.anthropic.com/news/detecting-countering-misuse-aug-2025) | **LLM-orchestrated operations** TA0002 - Execution
**LLM-aided development** T1587.001 - Develop Capabilities: Malware
**LLM-enhanced extortion/negotiation** T1657 - Financial Theft
**LLM-directed Automated Collection** T1567 - Exfiltration Over Web Service | [Anthropic – Detecting and countering misuse of AI: August 2025](https://www.anthropic.com/news/detecting-countering-misuse-aug-2025) | | GTG-5004 | UnSub RaaS developer (Anthropic) | A low-skill criminal, apparently dependent on the model, used Claude to build, market, and sell a ransomware-as-a-service line (ChaCha20 encryption, anti-EDR, anti-recovery, Windows-internals exploitation), sold since ~January 2025 on Dread, CryptBB and Nulled at ~$400 (DLL/exe) / ~$800 (full RaaS kit with PHP console + C2) / ~$1,200 (FUD crypter). [Anthropic](https://www.anthropic.com/news/detecting-countering-misuse-aug-2025) | **LLM-aided development** T1587.001 - Develop Capabilities: Malware
**LLM-optimized payload crafting** T1027 - Obfuscated Files/Information (FUD crypter)
**LLM-enhanced anomaly detection evasion** T1562.001 - Impair Defenses (anti-EDR)
T1490 - Inhibit System Recovery | [Anthropic – Detecting and countering misuse of AI: August 2025](https://www.anthropic.com/news/detecting-countering-misuse-aug-2025) | | APT41 | Wicked Panda, BARIUM, Winnti, Double Dragon (PRC) | Through August 2025, GTIG observed APT41 using Gemini for C++/Golang code development on multiple tools — including a C2 framework the actor called OSSTUN — and for code-obfuscation help using public obfuscation libraries. [GTIG](https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools) | **LLM-aided development** T1587.001 - Develop Capabilities: Malware
**LLM-optimized payload crafting** T1027 - Obfuscated Files/Information
T1071 - Application Layer Protocol (C2 development) | [GTIG – AI Threat Tracker: Advances in Threat Actor Usage of AI Tools](https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools) | | APT42 | Charming Kitten, Mint Sandstorm, TA453, Yellow Garuda (Iran, IRGC) | Used Gemini's text generation/editing to craft phishing material impersonating think-tank staff and for translation/geopolitical research; notably attempted to build a "Data Processing Agent" converting natural-language requests into SQL queries to mine sensitive personal data. [GTIG](https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools) | **LLM-supported social engineering** T1566 - Phishing
**LLM-informed reconnaissance** T1591 - Gather Victim Org Information
**LLM-enhanced data manipulation** T1213 - Data from Information Repositories (NL-to-SQL agent) | [GTIG – AI Threat Tracker](https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools) | | TEMP.Zagros | MUDDYCOAST, MuddyWater, Mango Sandstorm, Static Kitten, Seedworm (Iran) | Used Gemini to research and support development of custom malware (a Python C2 server and web shells) — an evolution in the group's capability — using social-engineering pretexts (posing as a student on a final-year project or a paper author) to bypass Gemini's safety guardrails. [GTIG](https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools) | **LLM-aided development** T1587.001 - Develop Capabilities: Malware
T1505.003 - Server Software Component: Web Shell | [GTIG – AI Threat Tracker](https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools) | | UNC1069 | MASAN, CryptoCore (DPRK; BlueNoroff/Lazarus-adjacent) | Used Gemini for cryptocurrency research and reconnaissance on where victims' wallet application data is stored, generated multilingual lures, and attempted crypto-theft code. Separately used AI-generated deepfake images/video (including a deepfaked crypto-company CEO on a Zoom call) to lure victims into installing the BIGMACHO backdoor disguised as a Zoom SDK. [GTIG](https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools) (see also the deepfake table below) | **LLM-informed reconnaissance** T1593 - Search Open Websites/Domains
**LLM-supported social engineering** T1566 - Phishing
**LLM-aided development** T1587 - Develop Capabilities
**DeepFake for Impersonation** T1656 - Impersonation | [GTIG – AI Threat Tracker](https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools) · [GTIG – UNC1069](https://cloud.google.com/blog/topics/threat-intelligence/unc1069-targets-cryptocurrency-ai-social-engineering) | | UNC4899 | PUKCHONG (DPRK; supply-chain compromise, TraderTraitor/Lazarus cluster) | Used Gemini to develop code, research exploits (with a focus on edge devices and modern browsers), and improve tooling. [GTIG](https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools) | **LLM-assisted vulnerability research** T1588.006 - Obtain Capabilities: Vulnerabilities
**LLM-aided development** T1587.001 - Develop Capabilities: Malware
T1195 - Supply Chain Compromise | [GTIG – AI Threat Tracker](https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools) | | UNC2970 | DPRK; "Operation Dream Job" recruiter-impersonation cluster (Lazarus-adjacent) | Used Gemini to synthesize OSINT and profile high-value targets for campaign planning — searching information on major cybersecurity/defense firms and mapping specific technical job roles and salary data (consistent with fake-recruiter tradecraft). [GTIG](https://cloud.google.com/blog/topics/threat-intelligence/distillation-experimentation-integration-ai-adversarial-use) | **LLM-informed reconnaissance** T1591 - Gather Victim Org Information
T1589 - Gather Victim Identity Information
Supports T1566.003 - Spearphishing via Service | [GTIG – Distillation, Experimentation, and Integration of AI for Adversarial Use](https://cloud.google.com/blog/topics/threat-intelligence/distillation-experimentation-integration-ai-adversarial-use) | | APT31 | Zirconium, Judgment Panda, Violet Typhoon (PRC) | Prompted Gemini with an expert-cybersecurity persona to automate vulnerability analysis and generate targeted testing plans — in one case trialing Hexstrike MCP tooling and directing the model to analyze RCE, WAF-bypass, and SQL-injection results against specific US targets. [GTIG](https://cloud.google.com/blog/topics/threat-intelligence/distillation-experimentation-integration-ai-adversarial-use) | **LLM-assisted vulnerability research** T1595 - Active Scanning
T1587.004 - Develop Capabilities: Exploits
Agentic/MCP-assisted offensive testing | [GTIG – Distillation, Experimentation…](https://cloud.google.com/blog/topics/threat-intelligence/distillation-experimentation-integration-ai-adversarial-use) | | Temp.HEX | PRC (Mustang Panda / TA416 reporting overlap) | Misused Gemini and other AI tools to compile detailed dossiers on specific individuals (including targets in Pakistan) and collect operational and structural data on separatist organizations in multiple countries. [GTIG](https://cloud.google.com/blog/topics/threat-intelligence/distillation-experimentation-integration-ai-adversarial-use) | **LLM-informed reconnaissance** T1591 - Gather Victim Org Information
T1589 - Gather Victim Identity Information | [GTIG – Distillation, Experimentation…](https://cloud.google.com/blog/topics/threat-intelligence/distillation-experimentation-integration-ai-adversarial-use) | | UNC795 | PRC (GTIG designator) | Relied heavily on Gemini across the full attack lifecycle — engaging multiple days a week to troubleshoot code, research, and generate technical capabilities for intrusion activity, including interest in AI-integrated (agentic) code-auditing. [GTIG](https://cloud.google.com/blog/topics/threat-intelligence/distillation-experimentation-integration-ai-adversarial-use) | **LLM-aided development** T1587.001 - Develop Capabilities: Malware
**LLM-enhanced scripting techniques** T1059 - Command and Scripting Interpreter | [GTIG – Distillation, Experimentation…](https://cloud.google.com/blog/topics/threat-intelligence/distillation-experimentation-integration-ai-adversarial-use) | | UNC6418 | UnSub (GTIG; targets Ukraine/defense) | Misused Gemini for targeted intelligence gathering — hunting sensitive account credentials and email addresses — after which GTIG observed those same accounts hit in a phishing campaign against Ukraine and the defense sector. [GTIG](https://cloud.google.com/blog/topics/threat-intelligence/distillation-experimentation-integration-ai-adversarial-use) | **LLM-informed reconnaissance** T1589 - Gather Victim Identity Information
**LLM-supported social engineering** T1566 - Phishing | [GTIG – Distillation, Experimentation…](https://cloud.google.com/blog/topics/threat-intelligence/distillation-experimentation-integration-ai-adversarial-use) | | UnSub (China-nexus, CTF-pretext) — GTIG | UnSub | Misused Gemini to craft lures, build infrastructure, and develop data-exfiltration tooling; when refused, reframed prompts as a "capture-the-flag (CTF) exercise" to defeat guardrails, then applied the pretext to advance phishing, exploitation, and web-shell development. [GTIG](https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools) | **LLM-supported social engineering** T1566 - Phishing
T1505.003 - Server Software Component: Web Shell | [GTIG – AI Threat Tracker](https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools) | | UnSub (China-nexus, cloud intrusion) — GTIG | UnSub | Suspected China-nexus actor leveraged Gemini across intrusion stages — reconnaissance, phishing/payload-delivery research, lateral movement, in-victim C2 support, and data-exfiltration help — including on unfamiliar surfaces (AWS, vSphere, Kubernetes). [GTIG](https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools) | **LLM-informed reconnaissance** T1590 - Gather Victim Network Information
T1021 - Remote Services (lateral movement)
T1071 - Application Layer Protocol (C2)
T1567 - Exfiltration Over Web Service | [GTIG – AI Threat Tracker](https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools) | | UNC5356 | Financially motivated (GTIG); COINBAIT phishing kit | Built the COINBAIT phishing kit using the AI app-builder platform Lovable AI (evidenced by the lovableSupabase client and lovable.app image hosting in samples). [GTIG](https://cloud.google.com/blog/topics/threat-intelligence/distillation-experimentation-integration-ai-adversarial-use) | **AI-generated attack infrastructure (app-builder abuse)** T1583.001 - Acquire Infrastructure / T1608 - Stage Capabilities
**LLM-supported social engineering** T1566 - Phishing | [GTIG – Distillation, Experimentation…](https://cloud.google.com/blog/topics/threat-intelligence/distillation-experimentation-integration-ai-adversarial-use) | | Multiple UnSub — OpenAI (Oct 2025) | RU-, KR-, CN-language clusters | OpenAI disrupted accounts where (a) Russian-language actors refined malware including RATs and credential stealers plus evasion; (b) Korean-language operators developed C2 systems; and (c) alleged China-linked actors crafted phishing and debugged malware targeting Taiwan's semiconductor sector, US academia and political groups. OpenAI's framing: actors "bolt AI onto old playbooks," gaining no novel capability. [OpenAI](https://openai.com/global-affairs/disrupting-malicious-uses-of-ai-october-2025/) | **LLM-aided development** T1587.001 - Develop Capabilities: Malware
T1071 - Application Layer Protocol (C2 development)
**LLM-supported social engineering** T1566 - Phishing
**LLM-enhanced scripting techniques** T1059 - Command and Scripting Interpreter | [OpenAI – Disrupting malicious uses of AI: October 2025](https://openai.com/global-affairs/disrupting-malicious-uses-of-ai-october-2025/) | | UnSub carding operator — Anthropic | UnSub | Used Claude to build out a carding (stolen-payment-card) service, developing advanced API-integration and operational-resilience mechanisms for the criminal service. [Anthropic](https://www-cdn.anthropic.com/b2a76c6f6992465c09a6f2fce282f6c0cea8c200.pdf) | **LLM-advised resource development** T1587 - Develop Capabilities
T1102 - Web Service (API integration) | [Anthropic – Threat Intelligence Report: August 2025 (PDF)](https://www-cdn.anthropic.com/b2a76c6f6992465c09a6f2fce282f6c0cea8c200.pdf) | | RevengeHotels | TA558 (Kaspersky) | Summer-2025 campaigns against Brazilian and Spanish-speaking hotels in which a significant portion of the initial-infector and downloader code appears LLM-generated (clean structure, placeholder variables, verbose per-action comments), delivering VenomRAT (HVNC, stealer, reverse proxy, UAC bypass). *Analyst note: LLM authorship inferred from code style, not captured model logs.* [Kaspersky](https://securelist.com/revengehotels-attacks-with-ai-and-venomrat-across-latin-america/117493/) | **LLM-enhanced scripting techniques** T1059 - Command and Scripting Interpreter
**LLM-aided development** T1587.001 - Develop Capabilities: Malware
T1566.001 - Spearphishing Attachment | [Kaspersky/Securelist – RevengeHotels with AI and VenomRAT](https://securelist.com/revengehotels-attacks-with-ai-and-venomrat-across-latin-america/117493/) | | Armored Likho | Eagle Werewolf (Kaspersky) | Spear-phishing espionage against government and electric-power targets in Russia, Kazakhstan and Brazil; loader source shows verbose comments, bullet-point emoji, and redundant blocks that Kaspersky attributes to LLM generation, deploying the new Python BusySnake Stealer (PyArmor-obfuscated; credential/cookie theft, reverse SSH). *Analyst note: LLM authorship inferred from code style.* [Kaspersky](https://securelist.com/armored-likho-apt-with-busysnake-stealer/120292/) | **LLM-aided development** T1587.001 - Develop Capabilities: Malware
T1566.001 - Spearphishing Attachment
T1027 - Obfuscated Files/Information | [Kaspersky/Securelist – Armored Likho's BusySnake Stealer](https://securelist.com/armored-likho-apt-with-busysnake-stealer/120292/) | | Global Group | RaaS (SentinelLABS) | From mid-2025 advertised an "AI-Assisted Chat" negotiation feature to affiliates that analyzes victim-company data (revenue, public behavior) to tailor extortion communications and pressure victims — AI operationalized in the extortion/negotiation phase. [SentinelLABS](https://www.sentinelone.com/labs/llms-ransomware-an-operational-accelerator-not-a-revolution/) | **LLM-enhanced extortion/negotiation** T1657 - Financial Theft
**LLM-informed reconnaissance** T1591 - Gather Victim Org Information | [SentinelLABS – LLMs & Ransomware: An Operational Accelerator](https://www.sentinelone.com/labs/llms-ransomware-an-operational-accelerator-not-a-revolution/) | | Multiple UnSub — CrowdStrike | UnSub (eCrime) | CrowdStrike's 2026 Global Threat Report: adversaries exploited legitimate GenAI tools at 90+ organizations by injecting malicious prompts to generate commands used to steal credentials and cryptocurrency (no named actor). CrowdStrike also reports ChatGPT referenced in criminal forums 550% more than any other model, and an 89% YoY rise in AI-enabled operations. *Bias note: vendor sells EDR/identity products.* [CrowdStrike](https://www.crowdstrike.com/en-us/blog/crowdstrike-2026-global-threat-report-findings/) | **LLM-enhanced scripting techniques** T1059 - Command and Scripting Interpreter
T1555 - Credentials from Password Stores
T1657 - Financial Theft | [CrowdStrike – 2026 Global Threat Report](https://www.crowdstrike.com/en-us/blog/crowdstrike-2026-global-threat-report-findings/) | | Multiple UnSub — Proofpoint | UnSub (multiple operators) | Cybercriminals abused Lovable (an AI site-builder) to mass-produce credential-phishing pages (Microsoft/bank spoofs behind CAPTCHA), fraud sites funneling to Telegram, crypto-wallet-draining DeFi clones, and redirectors delivering zgRAT/DOILoader — tens of thousands of malicious Lovable URLs per month since February 2025, affecting 5,000+ organizations. *Bias note: vendor sells email/URL security.* [Proofpoint](https://www.proofpoint.com/us/blog/threat-insight/cybercriminals-abuse-ai-website-creation-app-phishing) | **AI-generated attack infrastructure (app-builder abuse)** T1583.001 - Acquire Infrastructure / T1608 - Stage Capabilities
**LLM-supported social engineering** T1566 - Phishing
T1657 - Financial Theft | [Proofpoint – Cybercriminals Abuse AI Website Creation App For Phishing](https://www.proofpoint.com/us/blog/threat-insight/cybercriminals-abuse-ai-website-creation-app-phishing) | | Coral Sleet | Storm-1877 (DPRK) | Microsoft observed rapid capability growth via AI-assisted iterative development — using AI coding tools to generate, refine and reimplement malware components, agentic AI for an end-to-end lure-development workflow, and jailbroken LLM software to generate malicious code. [Microsoft](https://www.microsoft.com/en-us/security/blog/2026/03/06/ai-as-tradecraft-how-threat-actors-operationalize-ai/) | **LLM-aided development** T1587.001 - Develop Capabilities: Malware
**LLM-supported social engineering** T1566 - Phishing (agentic lure development) | [Microsoft – AI as tradecraft: How threat actors operationalize AI](https://www.microsoft.com/en-us/security/blog/2026/03/06/ai-as-tradecraft-how-threat-actors-operationalize-ai/) | | Sapphire Sleet | DPRK (crypto-theft / fake-recruiter cluster) | Develops fake digital personas using AI to support social-engineering campaigns targeting employment/recruitment opportunities. [Microsoft](https://www.microsoft.com/en-us/security/blog/2026/03/06/ai-as-tradecraft-how-threat-actors-operationalize-ai/) | **LLM-supported social engineering** T1585 - Establish Accounts (AI personas)
T1566.003 - Spearphishing via Service | [Microsoft – AI as tradecraft](https://www.microsoft.com/en-us/security/blog/2026/03/06/ai-as-tradecraft-how-threat-actors-operationalize-ai/) | | QUIETVAULT | UnSub (GTIG); JS credential stealer | A credential/token stealer (GitHub/npm tokens) that, beyond its primary targets, invokes AI prompts and on-host installed AI CLI tools to search the infected system for additional secrets, then exfiltrates via attacker-created public GitHub repos. Novel abuse of the victim's own AI tooling. [GTIG](https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools) | **LL Models used for backdoor deployment** (on-host AI abused for collection) T1552 - Unsecured Credentials
T1119 - Automated Collection
T1567 - Exfiltration Over Web Service | [GTIG – AI Threat Tracker](https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools) | | PROMPTFLUX | UnSub (GTIG; likely financially motivated) | Experimental VBScript dropper with a "Thinking Robot" module that calls the Gemini API at runtime to request VBScript obfuscation/evasion techniques for "just-in-time" self-modification, rewriting its own source into the Startup folder; spreads via removable drives and network shares. GTIG assesses it experimental and not yet observed deployed in operations. [GTIG](https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools) | **LLM-embedded malware (runtime generation)** T1027 - Obfuscated Files/Information
T1059.005 - Command and Scripting Interpreter: Visual Basic
T1547.001 - Registry Run Keys / Startup Folder | [GTIG – AI Threat Tracker](https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools) | | UnSub — Huntress (AI-generated AD recon) | UnSub | An unnamed actor deployed an AI-generated PowerShell script (self-labeled "100% Working AD Information Gathering Script - FULLY FIXED") to enumerate Active Directory, alongside s5cmd and SharpShares. [Huntress via The Hacker News](https://thehackernews.com/2026/07/attacker-uses-suspected-ai-generated.html) | **LLM-enhanced scripting techniques** T1059.001 - Command and Scripting Interpreter: PowerShell
T1087 - Account Discovery
T1069 - Permission Groups Discovery | [The Hacker News (reporting Huntress) – Attacker Uses Suspected AI-Generated PowerShell to Map AD](https://thehackernews.com/2026/07/attacker-uses-suspected-ai-generated.html) | | | | | | | ## Appendix A: LLM-themed TTPs **LLM-informed reconnaissance:** Employing LLMs to gather actionable intelligence on technologies and potential vulnerabilities. (CREDIT: Microsoft) **LLM-enhanced scripting techniques:** Utilizing LLMs to generate or refine scripts that could be used in cyberattacks, or for basic scripting tasks such as programmatically identifying certain user events on a system and assistance with troubleshooting and understanding various web technologies.(CREDIT: Microsoft) **LLM-aided development:** Utilizing LLMs in the development lifecycle of tools and programs, including those with malicious intent, such as malware.(CREDIT: Microsoft) **LLM-supported social engineering:** Leveraging LLMs for assistance with translations and communication, likely to establish connections or manipulate targets.(CREDIT: Microsoft) **LLM-assisted vulnerability research:** Using LLMs to understand and identify potential vulnerabilities in software and systems, which could be targeted for exploitation.(CREDIT: Microsoft) **LLM-optimized payload crafting:** Using LLMs to assist in creating and refining payloads for deployment in cyberattacks.(CREDIT: Microsoft) **LLM-enhanced anomaly detection evasion:** Leveraging LLMs to develop methods that help malicious activities blend in with normal behavior or traffic to evade detection systems.(CREDIT: Microsoft) **LLM-directed security feature bypass:** Using LLMs to find ways to circumvent security features, such as two-factor authentication, CAPTCHA, or other access controls.(CREDIT: Microsoft) **LLM-advised resource development:** Using LLMs in tool development, tool modifications, and strategic operational planning.(CREDIT: Microsoft) **Lookalike LLM:** Using LLMs to appear to be another legitimate LLM tool such as a chatbot. Similar to look-alike domain activity. (CREDIT: Rachel James based on Kaspersky report) **LL Models used for backdoor deployment:** The model’s payload grants the attacker a shell on the compromised machine, enabling them to gain full control over victims’ machines through what is commonly referred to as a “backdoor” (CREDIT: Rachel James based on JFrog report) **DeepFake for Impersonation:** Where generative AI is used to make audio, video or photographic media used to impersonate individuals (CREDIT: Rachel James based on various reports) **LLM-directed Automated Collection**: Once established within a system or network, an adversary may use automated techniques for collecting internal data. Using LLMs the may train the model to search and copy for information fitting specific criteria. (CREDIT: Rachel James based on GXC Team activity) **LLM-enhanced data manipulation**: Adversaries may insert, delete, or manipulate data in order to influence external outcomes or hide activity, thus threatening the integrity of the data. By using LLMs to manipulate data, adversaries may attempt to affect a business process, organizational understanding, or decision making at large scales. (CREDIT: Rachel James based on GXC Team activity) **LLM-orchestrated operations (Agentic AI attack orchestration):** Where a threat actor delegates multi-stage execution of the intrusion lifecycle to an agentic LLM or AI coding tool (e.g., Claude Code), with the AI performing the majority of tactical actions under minimal human direction. Maps broadly across TA0002 Execution and multiple tactics. (CREDIT: Rachel James based on Anthropic GTG-1002 and GTG-2002 reports) **LLM-embedded malware (runtime command/code generation):** Malware that calls an LLM API at runtime to generate the commands, scripts, or obfuscation it executes, rather than hard-coding them. Maps to T1059 Command and Scripting Interpreter. (CREDIT: Rachel James based on GTIG reporting on PROMPTSTEAL/LameHug, PROMPTFLUX, and QUIETVAULT) **LLM-enhanced extortion/negotiation:** Using an LLM to analyze victim data and tailor ransom demands or extortion/negotiation communications for pressure. Maps to T1657 Financial Theft. (CREDIT: Rachel James based on Anthropic GTG-2002 ransom-note generation and SentinelLABS Global Group "AI-Assisted Chat") **AI-generated attack infrastructure (app-builder abuse):** Using generative-AI app or website builders (e.g., Lovable, Replit) to rapidly produce phishing or fraud infrastructure at scale. Maps to T1583.001 Acquire Infrastructure / T1608 Stage Capabilities. (CREDIT: Rachel James based on Proofpoint and GTIG reporting; extends the Bitter APT/Replit precedent) # !!! still under construction !!! ## Deepfake categories **DeepFake for Impersonation:** Where generative AI is used to make audio, video or photographic media used to impersonate individuals (CREDIT: Rachel James based on various reports) - Financial Fraud - Employment/Hiring fraud - Blackmail / Extorsion - deepfake porn **DeepFake for Synthetic Identity:** Where generative AI is used to make audio, video or photographic media used to impersonate individuals (CREDIT: Rachel James based on various reports)
**DeepFake for Influence Operations:** Where generative AI is used to make audio, video or photographic media used to impersonate individuals for the purposes of political or social influence campaigns, typically associated with an objective to distribute mis/dis/mal information. (CREDIT: Rachel James based on various reports) | Year and Month | Name of Actor (if known) | Victim | Brief | TTP | Link | | -------------- | ------------------------ | ------------------ | ------------------------------------------------------------ | ------------------------------------------------------------ | ------------------------------------------------------------ | | 2022 June | Multiple UnSubs | unknown (multiple) | Complaints report the use of voice spoofing, or potentially voice deepfakes, during online interviews of the potential applicants. In these interviews, the actions and lip movement of the person seen interviewed on-camera do not completely coordinate with the audio of the person speaking. At times, actions such as coughing, sneezing, or other auditory actions are not aligned with what is presented visually. | **DeepFake for Impersonation**
Employment/Hiring fraud | [Internet Crime Complaint Center IC3]( https://www.ic3.gov/Media/Y2022/PSA220628) | | 2023 August | Multiple UnSubs | unknown (multiple) | Hong Kong police have arrested six people over the use of deepfake technology to take out loans in other people’s names...In this context, police had uncovered a local fraud syndicate that used eight stolen Hong Kong identity cards – all of which had already been reported as lost – to make 90 loan applications and 54 bank account registrations between last September and July, he said...Deepfake methods were used in at least 20 instances to imitate those pictured in the identity cards and trick facial recognition programmes, Ko added. | **DeepFake for Impersonation**
Financial fraud | [Hong Kong Free Press](https://hongkongfp.com/2023/08/25/in-first-hong-kong-police-arrest-6-over-finance-scams-involving-deepfake-technology/) | | 2023 August | Unsub | Unknown | It comes after police said they received a report from a man who said scammers attempted to trick him by swapping his face onto a pornographic video before trying to blackmail him. | **DeepFake for Impersonation**
Blackmail /extorsion (sextorsion with deepfake porn) | [Hong Kong Free Press](https://hongkongfp.com/2023/08/25/in-first-hong-kong-police-arrest-6-over-finance-scams-involving-deepfake-technology/) | | 2023 August | APT43 | Unknwon | Since 2019, Mandiant has identified numerous instances of information operations leveraging GANs, typically for use in profile photos of inauthentic personas, including by actors aligned with nation-states including Russia, the People's Republic of China (PRC), Iran, Ethiopia, Indonesia, Cuba, Argentina, Mexico, Ecuador, and El Salvador, along with non-state actors such as individuals on the 4chan forum. We judge that the publicly available nature of GAN-generated image tools such as the website thispersondoesnotexist.com has likely contributed to their frequent usage in information operations (Figure 2). Actors have also taken steps to obfuscate the AI-generated origin of their profile photos through tactics like adding filters or retouching facial features. | **DeepFake for Synthetic Identity** | [Mandiant - Threat Actors are Interested in Generative AI, but Use Remains Limited](https://www.mandiant.com/resources/blog/threat-actors-generative-ai-limited)| | 2023 August | DragonBridge | United States leaders | In March 2023, DRAGONBRIDGE leveraged several AI-generated images in order to support narratives negatively portraying U.S. leaders. One such image used by DRAGONBRIDGE was originally produced by the journalist Eliot Higgins, who stated in a tweet that he used Midjourney to generate the images, suggesting that he did so to demonstrate the tool’s potential uses. | **DeepFake for Influence Operations** | [Mandiant - Threat Actors are Interested in Generative AI, but Use Remains Limited](https://www.mandiant.com/resources/blog/threat-actors-generative-ai-limited)| | 2023 May | DragonBridge | Bloomberg | In May 2023, U.S. stock market prices briefly dropped after Twitter accounts, including the Russian state media outlet, RT, and the verified account, @BloombergFeed, which posed as an account associated with the Bloomberg Media Group, shared an AI-generated image depicting an alleged explosion near the Pentagon. | **DeepFake for Influence Operations** | [Mandiant - Threat Actors are Interested in Generative AI, but Use Remains Limited](https://www.mandiant.com/resources/blog/threat-actors-generative-ai-limited)| | 2022 March | unknown | Ukraine | In March 2022, following the Russian invasion of Ukraine, an information operation promoted a fabricated message alleging Ukraine's capitulation to Russia through various means, including via a deepfake video of Ukrainian President Volodymyr Zelensky | **DeepFake for Influence Operations** | [Mandiant - Threat Actors are Interested in Generative AI, but Use Remains Limited](https://www.mandiant.com/resources/blog/threat-actors-generative-ai-limited)| | 2025 November | UNC1069 (MASAN) | Cryptocurrency-sector individuals | A victim reported that during a call they were shown a deepfake video of a CEO from another cryptocurrency company, used to lure them into installing the BIGMACHO backdoor (disguised as a Zoom SDK). | **DeepFake for Impersonation**
Financial fraud (crypto) | [GTIG - AI Threat Tracker](https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools) | | 2025 Aug–2026 | DPRK IT-worker operation | US Fortune 500 / global employers | DPRK operatives use AI-generated résumés/personas, AI profile photos, and real-time deepfake video to pass job interviews, and Claude to pass coding assessments and perform the work while fraudulently employed, funneling wages to the regime. CrowdStrike (FAMOUS CHOLLIMA) tracked 320+ infiltrated firms (+220% YoY); Microsoft names Jasper Sleet using the Faceswap app to insert workers' faces into stolen IDs; Anthropic confirmed Claude-enabled employment fraud; Amazon reported blocking 1,800+ suspected operatives in 2025. | **DeepFake for Impersonation**
Employment/Hiring fraud
**DeepFake for Synthetic Identity** | [Anthropic](https://www.anthropic.com/news/detecting-countering-misuse-aug-2025) · [Microsoft](https://www.microsoft.com/en-us/security/blog/2026/03/06/ai-as-tradecraft-how-threat-actors-operationalize-ai/) · [CrowdStrike](https://www.crowdstrike.com/en-us/blog/crowdstrike-2025-threat-hunting-report-ai-weapon-target/) · [Unit 42](https://unit42.paloaltonetworks.com/north-korean-synthetic-identity-creation/) | | 2025 December | Multiple UnSub — FBI/IC3 | US officials & their contacts | FBI PSA: actors sent AI-generated voice messages (vishing) plus smishing impersonating senior US officials (White House, Cabinet, Congress, state) to build rapport and phish targets onto attacker-controlled platforms. | **DeepFake for Impersonation**
Financial/credential fraud | [FBI/IC3 PSA251219](https://www.ic3.gov/PSA/2025/PSA251219) | | 2025 August | UnSub — Anthropic | Romance/confidence-scam victims (multiple) | Operator ran a Telegram-based scam-assistance bot powered by Claude — generating high-EQ replies, producing/enhancing images for fake profiles, emotional-manipulation scripts, and multi-language support to widen targeting. | **DeepFake for Impersonation**
(GenAI image + text; romance fraud) | [Anthropic](https://www.anthropic.com/news/detecting-countering-misuse-aug-2025) | **Sources for the above lists** **Threat Actors** *2024 Reports* | **Month** | **Org** | **Link** | | --------- | ------------------------------- | ------------------------------------------------------------ | | Janurary | National Cyber Security Centre | [The near-term impact of AI on the cyber threat](https://www.ncsc.gov.uk/report/impact-of-ai-on-cyber-threat#section_5) - *Analyst note: one of the most sensible and non-sensationalist works out there on the topic* | | Feburary | Microsoft | [Staying ahead of threat actors in the age of AI](https://www.microsoft.com/en-us/security/blog/2024/02/14/staying-ahead-of-threat-actors-in-the-age-of-ai/) | | Feburary | Microsoft | [Cyber Signals Issue 6](https://www.microsoft.com/en-us/security/blog/2024/02/14/staying-ahead-of-threat-actors-in-the-age-of-ai/](https:/www.microsoft.com/en-us/security/business/security-insider/wp-content/uploads/2024/02/cyber-signals-issue-6.pdf)) | | Feburary | OpenAI | [Disrupting malicious uses of AI by state-affiliated threat actors](https://openai.com/blog/disrupting-malicious-uses-of-ai-by-state-affiliated-threat-actors) | | Feburary | JFrog | [Malicious AI models on Hugging Face backdoor users’ machines](https://jfrog.com/blog/data-scientists-targeted-by-malicious-hugging-face-ml-models-with-silent-backdoor/) | | March | Tripwire | [Cybersecurity in the Age of AI: Exploring AI-Generated Cyber Attacks](https://www.tripwire.com/state-of-security/cybersecurity-age-ai-exploring-ai-generated-cyber-attacks) | | March | Kaspersky | [Spam and phishing in 2023](https://securelist.com/spam-phishing-report-2023/112015/) | *2023 Reports* | **Month** | **Org** | **Link** | | --------- | ---------- | ------------------------------------------------------------ | | June | FBI / IC3 | [Malicious Actors Manipulating Photos and Videos to Create Explicit Content and Sextortion Schemes](https://www.ic3.gov/Media/Y2023/PSA230605) | | July | SlashNext | [WormGPT – The Generative AI Tool Cybercriminals Are Using to Launch Business Email Compromise Attacks](https://slashnext.com/blog/wormgpt-the-generative-ai-tool-cybercriminals-are-using-to-launch-business-email-compromise-attacks/) | | November | SlashNext | [AI tools such as ChatGPT are generating a mammoth increase in malicious phishing emails](https://www.cnbc.com/2023/11/28/ai-like-chatgpt-is-creating-huge-increase-in-malicious-phishing-email.html) | | August | Mandiant | [Threat Actors are Interested in Generative AI, but Use Remains Limited](https://www.mandiant.com/resources/blog/threat-actors-generative-ai-limited) |
- Adoption rates of AI technologies among criminals lag behind the rates of their industry counterparts because of the evolving nature of cybercrime. - Compared to last year, criminals seem to have abandoned any attempt at training real criminal large language models (LLMs). Instead, they are jailbreaking existing ones. - We are finally seeing the emergence of actual criminal deepfake services, with some bypassing user verification used in financial services.
[Update May/15/2024] [Verizon DBIR report for 2024](https://github.com/cybershujin/Threat-Actors-use-of-Artifical-Intelligence/blob/main/2024-dbir-data-breach-investigations-report.pdf) has a small, but well analyzed section about threat actor interest in AI:
- Text analysis of criminal forums regarding AI alongside terms such as malware, phishing and vulnerability shows very little interest, and in fact most posts are about selling account access - Phishing, malware and ransomware effectiveness analysis indicates there is not a pressing need for AI to be sucessful as a malicious actor - The one large advancement that appears to be leveraged by threat actors is the use of deep fake technology Generally speaking, most popular and widely accessible AIs and LLMs have significant safeguards so they are designed not to add or enable malicious or criminal activities. However, this requires "jailbreaking" or otherwise "attacking" the AI/LLM itself which is not covered here, but is on my [other repo](https://github.com/cybershujin/AI-and-ML-for-Cybersecurity). [Update Aug/30/2025] !WATERSHED REPORTING! Recent and significant reporting from Anthropic, OpenAI and other sources have added to the observed activity and certainly represent a marked increase in use and application of AI for cyber threat actors, and represent a significant increase in uplift enjoyed by threat actors. In prior reporting, the uplift for low skilled threat actors using GenAI was primarily in social engineering. While social engineering (victim profiling, phishing, chatbots and deepfakes) remains BY FAR the largest volume of cyber threat activity using GenAI, reporting now provides evidence that low skilled actors are now using it "to conduct complex operations, like eveloping ransomware, that would previously have required years of training." [Anthropic](https://www-cdn.anthropic.com/b2a76c6f6992465c09a6f2fce282f6c0cea8c200.pdf?) This appears to be the first confirmed instance of AI being used to develop ransomware which there is evidence was sucessful in deployment and the subsequent extorsion demand. [GTG-200](https://www-cdn.anthropic.com/b2a76c6f6992465c09a6f2fce282f6c0cea8c200.pdf?) While we are seeing an increase in reporting of cyber threat actor using LLMs to [generate ransomware](https://bsky.app/profile/esetresearch.bsky.social/post/3lxctuaf4222t) and other [malware](https://www-cdn.anthropic.com/b2a76c6f6992465c09a6f2fce282f6c0cea8c200.pdf), in part or in whole - it is notable that all analysis of the sophistication of this code is that it is not a highly sophisticated, novel or (a claim I hear all too often) highly-polymorphic with features more likely to evade detection. **Scope** This is not for: • Threat actors attacking AI / ML / LLMs • Researchers attacking or finding exploits or possible uses AI by threat actors • Mis/dis/mal information campaigns using Deepfake technology • Threats to AI users, or AI researchers For those items, some of it is in my other repo here [AI and ML for Cybersecurity](https://github.com/cybershujin/AI-and-ML-for-Cybersecurity) along with some tools for cybersecurity professionals. Notes: **UnSub or Multiple UnSub - (sourcename)** used to refer to unnamed subjects, or multiple unnamed subjects mentioned in reports These these are taken from reports listed on the [Sources page](https://github.com/cybershujin/Threat-Actors-Use-of-Artifical-Intelligence/blob/main/Sources.md) but the TTP mapping is an effort by me to map to the closest possible MITRE ATT&CK technique used. If you find an entry and believe a better TTP mapping is available, please contact me and/or comment. | Name | AKAs | Brief | TTP | Link | | -------------- | -------------- | -------------------------------------------------------------------------------------------------------------- | ------------------------------------------------- | --------------------------- | | FunkSec | unknown | "The individuals behind FunkSec appear to have extensively leveraged AI to enhance their capabilities, as evidenced by their publications and tools. Their public script offerings include extensive code comments with perfect English (as opposed to very basic English in other mediums), likely generated by an LLM agent. Similar patterns are visible in the Rust source code linked to the group’s ransomware, suggesting it may have been developed with AI assistance.
In some of their published messages, the group specifically linked the development of their ransomware to AI-assisted agents, likely providing it with the source code for the ransomware and simply shared the output on their site.
The use of such tools aligns closely with the group’s public claims, as they also released an AI chatbot based on Miniapps to support their operations" | **LLM-enhanced scripting techniques** T1588 - Develop Capabilities: Tool
| [CheckPoint Research](https://research.checkpoint.com/2025/funksec-alleged-top-ransomware-group-powered-by-ai/) | | Salt Typhoon | GhostEmperor, FamousSparrow, Earth Estries, UNC2286 | WSJ- "The group used sophisticated methods to infiltrate American telecom infrastructure through vulnerabilities including Cisco Systems routers, and investigators suspect the hackers relied on artificial intelligence or machine learning to further their espionage operations , people familiar with the matter said."
InfoSec Magazine - "Salt Typhoon’s methods included advanced use of artificial intelligence to enhance their access and intelligence-gathering efforts." | Unknown TTPs | [T-Mobile Hacked in Massive Chinese Breach of Telecom Networks - Wall Street Journal](https://www.wsj.com/politics/national-security/t-mobile-hacked-in-massive-chinese-breach-of-telecom-networks-4b2d7f92) and [Archive -no paywall](http://archive.today/Uidlf)
[InfoSecurity Magazine](https://www.infosecurity-magazine.com/news/tmobile-breached-chinese/) | | Multiple Unsub - Symantic | Unknown | Recent malware campaigns observed by Symantec involved phishing emails containing code used to download various payloads, including Rhadamanthys, NetSupport, CleanUpLoader (Broomstick, Oyster), ModiLoader (DBatLoader), LokiBot, and Dunihi (H-Worm). Analysis of the scripts used to deliver malware in these attacks suggests they were generated using LLMs. [Symantec](https://symantec-enterprise-blogs.security.com/threat-intelligence/malware-ai-llm) | **LLM-enhanced scripting techniques** T1588 - Develop Capabilities: Tool
**LLM-supported social engineering** T1566 - Phishing
**LLM-enhanced scripting techniques:** Execution through Windows Management Instrumentation (WMI) or PowerShell (T1059) | Coming Soon | | Bitter APT | APT-C-08, Aramanberry | the group used the online IDE platform Replit to build phishing websites [Source](https://mp.weixin.qq.com/s/wR7IgBmEuqqGQ9SCAV39Uw) | TA1588.007 - Artifical Intelligence
**LLM-supported social engineering** T1566 - Phishing |ComingSoon | | Multiple Unsub - Trend Micro |unknown akas | Criminals are using generative AI capabilities for two purposes: To support the development of malware or malicious tools...To improve their social engineering tricks. [Trend Micro](https://www.trendmicro.com/vinfo/gb/security/news/cybercrime-and-digital-threats/back-to-the-hype-an-update-on-how-cybercriminals-are-using-genai) | **LLM-enhanced scripting techniques** T1588 - Develop Capabilities: Tool
**LLM-supported social engineering** T1566 - Phishing
**LLM-enhanced scripting techniques:** Execution through Windows Management Instrumentation (WMI) or PowerShell (T1059)
**DeepFake for Impersonation (Fraud):** Where generative AI is used to make audio, video or photographic media used to impersonate individuals | [Trend Micro](https://www.trendmicro.com/vinfo/gb/security/news/cybercrime-and-digital-threats/back-to-the-hype-an-update-on-how-cybercriminals-are-using-genai) | |TA547 | Scully Spider | Proofpoint identified TA547 targeting German organizations with an email campaign delivering Rhadamanthys malware. This is the first time researchers observed TA547 use Rhadamanthys, an information stealer that is used by multiple cybercriminal threat actors. Additionally, the actor appeared to use a PowerShell script that researchers suspect was generated by large language model (LLM) such as ChatGPT, Gemini, CoPilot, etc. [Source](https://www.proofpoint.com/us/blog/threat-insight/security-brief-ta547-targets-german-organizations-rhadamanthys-stealer) | **LLM-enhanced scripting techniques:** Execution through Windows Management Instrumentation (WMI) or PowerShell (T1059) | ComingSoon | | Fancy Bear | Forest Blizzard, APT28, Strontium | APT28 is a Russian military intelligence actor linked to GRU Unit 26165, who has targeted victims of both tactical and strategic interest to the Russian government. Microsoft assesses that Forest Blizzard operations play a significant supporting role to Russia’s foreign policy and military objectives both in Ukraine and in the broader international community. Forest Blizzard’s use of LLMs has involved research into various satellite and radar technologies that may pertain to conventional military operations in Ukraine, as well as generic research aimed at supporting their cyber operations. [Microsoft](https://www.microsoft.com/en-us/security/blog/2024/02/14/staying-ahead-of-threat-actors-in-the-age-of-ai/)
[Update 2025-11] Deployed **PROMPTSTEAL** (CERT-UA tracks it as **LameHug**) against Ukraine in June 2025 — a Python data-miner that queries an LLM (Qwen2.5-Coder-32B-Instruct) via the Hugging Face API at runtime to generate the reconnaissance/collection commands it executes; GTIG describes it as its first observed case of malware querying an LLM in live operations. [GTIG](https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools), corroborated by CERT-UA | **LLM-informed reconnaissance** T1592 - Gather Victim Org Information
**LLM-enhanced scripting techniques** T1588 - Develop Capabilities: Tool
**LLM-embedded malware (runtime generation)** T1059 - Command and Scripting Interpreter | [APT28 aka Fancy Bear](https://github.com/cybershujin/Threat-Actors-Use-of-Artifical-Intelligence/blob/main/APT28.MD) | | APT43 | Lazarus, Emerald Sleet, Velvet Chollima, Kimsuky, TA406, Thallium | North Korean threat actor with recent operations relied on spear-phishing emails to compromise and gather intelligence from prominent individuals with expertise on North Korea. Microsoft observed Emerald Sleet impersonating reputable academic institutions and NGOs to lure victims into replying with expert insights and commentary about foreign policies related to North Korea. Emerald Sleet’s use of LLMs has been in support of this activity and involved research into think tanks and experts on North Korea, as well as the generation of content likely to be used in spear-phishing campaigns. Emerald Sleet also interacted with LLMs to understand publicly known vulnerabilities, to troubleshoot technical issues, and for assistance with using various web technologies. [Microsoft](https://www.microsoft.com/en-us/security/blog/2024/02/14/staying-ahead-of-threat-actors-in-the-age-of-ai/)
This account of the use of AI was also reported by Mandiant in their 23-00016993 and 24-00002657 reports. Mandiant's 2024 reporting also mentions APT43 purchasing WormGPT in August 2023. Reports from Feb 2024 APT43 was observed on forums discussing ChatGPT along a topic about (toughly translated) "North Korean nuclear solution"
In another report, Mandiant describes, "We identified indications of North Korean cyber espionage actor APT43 interest in LLMs, specifically Mandiant observed evidence suggesting the group has logged on to widely available LLM tools. The group may potentially leverage LLMs to enable their operations, however the intended purpose is unclear. " [Source](https://www.mandiant.com/resources/blog/threat-actors-generative-ai-limited)
[Update 2026-03] Microsoft (with OpenAI) observed Emerald Sleet using LLMs to research the publicly reported vulnerability CVE-2022-30190 (MSDT "Follina"). [Microsoft](https://www.microsoft.com/en-us/security/blog/2026/03/06/ai-as-tradecraft-how-threat-actors-operationalize-ai/) | **LLM-assisted vulnerability research** T1588.006 Obtain Capabilities: Vulnerabilities
**LLM-enhanced scripting techniques** T1588 - Develop Capabilities: Tool
**LLM-supported social engineering** T1566 - Phishing
**LLM-informed reconnaissance** T1592 - Gather Victim Org Information Based on Mandiants 24-00002657 report,
**DeepFake for Impersonation** (TTP unknown, not clear how actors used generated images from MaxAi[.]me and ZMO AI | link coming soon | | Imperial Kitten | Crimson Sandstorm, Yellowliderc, Tortoiseshell | Iranian threat actor assessed to be connected to the Islamic Revolutionary Guard Corps (IRGC). This actor has targeted multiple sectors, including defense, maritime shipping, transportation, healthcare, and technology. These operations have frequently relied on watering hole attacks and social engineering to deliver custom .NET malware. Prior research also identified custom Crimson Sandstorm malware using email-based command-and-control (C2) channels. The use of LLMs by Crimson Sandstorm has reflected the broader behaviors that the security community has observed from this threat actor. Interactions have involved requests for support around social engineering, assistance in troubleshooting errors, .NET development, and ways in which an attacker might evade detection when on a compromised machine. [Microsoft](https://www.microsoft.com/en-us/security/blog/2024/02/14/staying-ahead-of-threat-actors-in-the-age-of-ai/) | **LLM-supported social engineering** T1566 - Phishing
**LLM-enhanced scripting techniques** T1588 - Develop Capabilities: Tool
**LLM-enhanced anomaly detection evasion** T1562.001 - Impair Defenses: Disable or Modify Tools | link coming soon | | Aquatic Panda | Charcoal Typhoon, ControlX, RedHotel, Bronze University, Red Scully, Chromium | Chinese state-affiliated threat actor with a broad operational scope. Activities have predominantly focused on entities within Taiwan, Thailand, Mongolia, Malaysia, France, and Nepal, with observed interests extending to institutions and individuals globally who oppose China’s policies. In recent operations, this actor group has been observed interacting with LLMs in ways that suggest a limited exploration of how LLMs can augment their technical operations. This has consisted of using LLMs to support tooling development, scripting, understanding various commodity cybersecurity tools, and for generating content that could be used to social engineer targets. [Microsoft](https://www.microsoft.com/en-us/security/blog/2024/02/14/staying-ahead-of-threat-actors-in-the-age-of-ai/) | **LLM-informed reconnaissance** T1588.006 Obtain Capabilities: Vulnerabilities
**LLM-enhanced scripting techniques** T1587 - Develop Capabilities
**LLM-refined operational command techniques** TA0003 - Persistence and TA004 Privilege Escalation | [Aquatic Panda Reports](https://github.com/cybershujin/Threat-Actors-use-of-Artifical-Intelligence/tree/main/Aquatic%20Panda) | | Sodium | Salmon Typhoon, Samurai Panda, Maverick Panda, APT4 | Sophisticated Chinese state-affiliated threat actor with a history of targeting US defense contractors, government agencies, and entities within the cryptographic technology sector. This threat actor has demonstrated its capabilities through the deployment of malware, such as Win32/Wkysol, to maintain remote access to compromised systems. With over a decade of operations marked by intermittent periods of dormancy and resurgence. (Sodium's) interactions with LLMs throughout 2023 appear exploratory and suggest that this threat actor is evaluating the effectiveness of LLMs in sourcing information on potentially sensitive topics, high profile individuals, regional geopolitics, US influence, and internal affairs. This tentative engagement with LLMs could reflect both a broadening of their intelligence-gathering toolkit and an experimental phase in assessing the capabilities of emerging technologies. [Microsoft](https://www.microsoft.com/en-us/security/blog/2024/02/14/staying-ahead-of-threat-actors-in-the-age-of-ai/) | **LLM-informed reconnaissance** T1593 - Search Open Websites/Domains
**LLM-enhanced scripting techniques** T1587.001 - Develop Capabilities: Malware
**LLM-refined operational command techniques** T1564 - Hide Artifacts
**LLM-Aided technical translation and explanation** T1593 - Search Open Websites/Domains | link coming soon | | Unsub1 - Kaspersky | N/A | Using fake sites, they hosted “GPT chats” supposedly capable of diagnosing computer problems, making money and such. In fact, the site deployed no AI models, but only used the topic to stir interest with potential victims and make a bigger killing. One such page mimicking the Microsoft website warned visitors that their computer was infected with a Trojan. To avoid losing data, they were advised not to reboot or turn off the device until the issue was resolved. Two options were offered: call a hotline or chat with Lucy, an AI chatbot. In the second case, you had to choose a method of diagnosing the device, after which the bot said it was unable to solve the problem and recommended calling support. Naturally, professional scammers, not Microsoft engineers, were waiting at the other end of the line. *Analyst note: This sounds like [Bazacall](https://www.microsoft.com/en-us/security/blog/2021/07/29/bazacall-phony-call-centers-lead-to-exfiltration-and-ransomware/) like activity* [Source](https://securelist.com/spam-phishing-report-2023/112015/) | **Lookalike LLM** T1583 Acquire Infrastructure | N/A | | Unsub2 - Kaspersky | N/A | “Smart chatbots” were also used as “consultants” on making money online. On one site a bot pretending to be an Elon Musk design advertised investment services. After telling the new “client” that it could make them rich quickly, the robot asked about their education, income level, and investment experience. Regardless of the answers, the bot informed the client that it would do all the earning. Next, it demonstrated an amount it could offer and prompted the user to register simply by providing their contact details. Events then likely unfolded as in other similar schemes: The “AI” asked for a small fee in recognition of its intellectual abilities, and then simply vanished into the ether. [Source](https://securelist.com/spam-phishing-report-2023/112015/) | **Lookalike LLM** T1583 Acquire Infrastructure
**LLM-supported social engineering** T1566 - Phishing | N/A | | Multiple Unsub - JFrog | N/A | In an "investigation of a malicious machine-learning model...The model’s payload grants the attacker a shell on the compromised machine, enabling them to gain full control over victims’ machines through what is commonly referred to as a “backdoor”...It’s crucial to emphasize that when we refer to “malicious models”, we specifically denote those housing real, harmful payloads. Our analysis has pinpointed around 100 instances of such models to date... [Source](https://jfrog.com/blog/data-scientists-targeted-by-malicious-hugging-face-ml-models-with-silent-backdoor/) | **LL Models used for backdoor deployment** T1195.001 Supply Chain Compromise - Compromise Software Dependencies and Development Tools T1059 Command and Scripting Interpreter | N/A | | GXC Team
group leader: googleXcoder | | Resecurity has uncovered a cybercriminal group known as "**GXC Team**", which specializes in crafting tools for online banking theft, ecommerce fraud, and internet scams. Around November 11th, 2023, the group's leader, operating under the alias "**googleXcoder**", made multiple announcements on the Dark Web. These posts introduced a new tool that incorporates Artificial Intelligence (AI) for creating fraudulent invoices used for wire fraud and Business E-Mail Compromise (BEC) scams.
This tool employs proprietary algorithms to scrutinize compromised emails through POP3/IMAP4 protocols, identifying messages that either mention invoices or include attachments with payment details. Upon detection, the tool alters the banking information of the intended recipient (like the victim's supplier) to details specified by the perpetrator. The altered invoice is then either replaced in the original message or sent to a predetermined list of contacts. These methods are commonly employed in wire fraud and well-known bogus invoice scams. Often, accountants and staff in victimized companies do not thoroughly check invoices that appear familiar or nearly genuine, leading to unverified payments.
The tool's multi-language capability enables the automatic scanning of messages without any manual intervention, providing the actors with significant advantages.
The tool's interface includes options to configure simple mail transfer protocol (SMTP) settings for sending out emails with the fabricated invoices it generates. Moreover, the tool includes a feature that sends reports to a designated Telegram channel, serving as an alternative to traditional command-and-control (C2C) communication. This functionality also extends to providing details about the generated invoices. | **LLM-informed reconnaissance**
T1592 - Gather Victim Org Information
**LLM-enhanced scripting techniques**
T1588 - Develop Capabilities: Tool
**LLM-supported social engineering**
T1566 - Phishing
**LLM-directed Automated Collection**
T1114 Email Collection
**LLM-enhanced data manipulation**
T1565 Data Manipulation
T1657 Financial Theft
| [Resecurity](https://www.resecurity.com/blog/article/cybercriminals-implemented-artificial-intelligence-ai-for-invoice-fraud) | | Multiple UnSub - South China Post | | Four cyber attackers in China have been arrested for developing ransomware...The attack was first reported by an unidentified company in Hangzhou, capital of eastern Zhejiang province, which had its systems blocked by ransomware, according to a Thursday report by state-run Xinhua News Agency. The hackers demanded 20,000 Tether, a cryptocurrency stablecoin pegged one-to-one to the US dollar, to restore access....The police in late November arrested two suspects in Beijing and two others in Inner Mongolia, who admitted to “writing versions of ransomware, optimising the program with the help of ChatGPT, conducting vulnerability scans, gaining access through infiltration, implanting ransomware, and carrying out extortion”, the report said. | **LLM-aided development** T1587 - Develop Capabilities: Malware
| [South China Post](https://www.scmp.com/tech/tech-trends/article/3246612/chatgpt-aided-ransomware-china-results-four-arrests-ai-raises-cybersecurity-concerns)
recommend removepaywall.com for this site | | baller423/goober2 | potentially star23/baller13 or just ties between them | Recently, our scanning environment flagged a particularly intriguing PyTorch model uploaded by a new user named baller423—though since deleted. The repository, baller423/goober2, contained a PyTorch model file harboring an intriguing payload....This IP address range belonging to KREOnet, which stands for “Korea Research Environment Open NETwork,” may serve as potential evidence suggesting the involvement of researchers in attempting the exploit [Source](https://jfrog.com/blog/data-scientists-targeted-by-malicious-hugging-face-ml-models-with-silent-backdoor/) | **LL Models used for backdoor deployment** T1195.001 Supply Chain Compromise - Compromise Software Depedencies and Development Tools T1059.001 Command and Scripting Interpreter: Powershell | | | star23/baller13 | potentially baller423/goober2 or just ties between them | Shortly after the model was removed, we encountered further instances of the same payload with varying IP addresses. One such instance remains active: star23/baller13. It’s worth noting the similarity in the model name to the deleted user, suggesting potential ties between them. [Source](https://jfrog.com/blog/data-scientists-targeted-by-malicious-hugging-face-ml-models-with-silent-backdoor/) | **LL Models used for backdoor deployment** T1195.001 Supply Chain Compromise - Compromise Software Depedencies and Development Tools T1059.001 Command and Scripting Interpreter: Powershell | N/A | | Multiple Unsub - NCSC UK | N/A | Threat actors, including ransomware actors, are already using AI to increase the efficiency and effectiveness of aspects of cyber operations, such as reconnaissance, phishing and coding [Source](https://www.ncsc.gov.uk/report/impact-of-ai-on-cyber-threat) | **LLM-informed reconnaissance** T1593 - Search Open Websites/Domains
**LLM-supported social engineering** T1566 - Phishing
**LLM-aided development** T1587 - Develop Capabilities: Tool
**LLM-aided development** T1587 - Develop Capabilities: Malware
**LLM-enhanced scripting techniques** T1587 - Develop Capabilities | [Multiple Unsub - NCSC](https://github.com/cybershujin/Threat-Actors-Use-of-Artifical-Intelligence/tree/main/Multiple UnSub SlashNext) | | Multiple Unsub - SlashNext | N/A | Since Q4 of 2022 when ChatGPT became widely available, there has been a 1,265% increase in malicious phishing emails, with a 967% rise in credential phishing in particular. [Source](https://www.cnbc.com/2023/11/28/ai-like-chatgpt-is-creating-huge-increase-in-malicious-phishing-email.html) | **LLM-supported social engineering** T1566 - Phishing | [Multile Unsub - SlashNext](https://github.com/cybershujin/Threat-Actors-Use-of-Artifical-Intelligence/tree/main/Multiple UnSub SlashNext) | | Multiple Unsub North Korea - US National Security Advisor | N/A | On Oct. 18, 2023 U.S. Deputy National Security Advisor Anne Neuberger said that North Korea's use of artificial intelligence (AI) is enhancing the country's cyber capabilities, which puts enterprises around the globe at significant risk. Neuberger said, "We have observed some North Korean and other nation-state and criminal actors try to use AI models to help accelerate writing malicious software and finding systems to exploit." | **LLM-assisted vulnerability research** T1588.006 Obtain Capabilities: Vulnerabilities
**LLM-enhanced scripting techniques** T1588 - Develop Capabilities: Tool | | | Scattered Spider | UNC3944, Storm-0875 | In the second half of 2023, SCATTERED SPIDER used the Azure AD PowerShell module to download all Entra ID user immutable IDs at a North American financial services victim. Using its Entra ID backdoor, the adversary could log in as any of the downloaded users. The PowerShell used to download the users’ immutable IDs resembled large language model (LLM) outputs such as those from ChatGPT. In particular, the pattern of one comment, the actual command and then a new line for each command matches the Llama 2 70B model output. [Source](https://asantecloud.com/wp-content/uploads/2024/02/GlobalThreatReport2024_Asante.pdf) | **LLM-enhanced scripting techniques** T1588 - Develop Capabilities: Tool | Link Coming Soon | | Indrik Spider | Evil Corp | In February 2023, CrowdStrike Services responded to an INDRIK SPIDER incident involving BITWISE SPIDER’s LockBit RED ransomware. During this incident, INDRIK SPIDER exfiltrated credentials from cloud-based credential manager Azure Key Vault. Logs show that INDRIK SPIDER also visited ChatGPT while interacting with the Azure Portal. In addition to visiting ChatGPT while browsing the Azure Portal — presumably to understand how to navigate in Azure — browsing activity analysis indicates INDRIK SPIDER used search engines such as Google and Bing and searched on GitHub during the operations to understand how to exfiltrate Azure Key Vault credentials. Using search engines and visiting ChatGPT indicate that though INDRIK SPIDER is likely new to the cloud and not yet sophisticated in this domain, it is using generative AI to fill these knowledge gaps. [Source](https://asantecloud.com/wp-content/uploads/2024/02/GlobalThreatReport2024_Asante.pdf) | **LLM-informed reconnaissance** T1593 - Search Open Websites/Domains [Source](https://www.state.gov/digital-press-briefing-with-anne-neuberger-deputy-national-security-advisor-for-cyber-and-emerging-technologies/) | N/A | | UnSubs - Mandiant | N/A but described as "actors aligned with nation-states including Russia, the People's Republic of China (PRC), Iran, Ethiopia, Indonesia, Cuba, Argentina, Mexico, Ecuador, and El Salvador, along with non-state actors such as individuals on the 4chan forum." | Since 2019, Mandiant has identified numerous instances of information operations leveraging GANs, typically for use in profile photos of inauthentic personas, including by actors aligned with nation-states including Russia, the People's Republic of China (PRC), Iran, Ethiopia, Indonesia, Cuba, Argentina, Mexico, Ecuador, and El Salvador, along with non-state actors such as individuals on the 4chan forum. We judge that the publicly available nature of GAN-generated image tools such as the website thispersondoesnotexist.com has likely contributed to their frequent usage in information operations (Figure 2). Actors have also taken steps to obfuscate the AI-generated origin of their profile photos through tactics like adding filters or retouching facial features...Mandiant has noted evidence of financially motivated actors using manipulated video and voice content in business email compromise (BEC) scams, North Korean cyber espionage actors using manipulated images to defeat know your customer (KYC) requirements, and voice changing technology used in social engineering targeting Israeli soldiers. [Source](https://www.mandiant.com/resources/blog/threat-actors-generative-ai-limited) | **DeepFake for Impersonation** T1587 - Develop capabilities | N/A | | CanadianKingpin12 | | An investigation from researchers at cybersecurity company SlashNext, reveals that CanadianKingpin12 is actively training new chatbots using unrestricted data sets sourced from the dark web or basing them on sophisticated large language models developed for fighting cybercrime.
The researchers also learned that the advertiser also had access to another large language model named DarkBERT developed by South Korean researchers and trained on dark web data but to fight cybercrime.
This is not included in the analysis, but wanted to list this report for completeness. The reason this is not used in analysis is based on Dr.Chung, the Head of AI & the author of DarkBERT at S2W comment: *Since S2W adheres to the strict and ethical guidelines outlined by the ACL, access to DarkBERT is granted following careful evaluation and is exclusively approved for academic and public interest.* | N/A source not credible | | | GTG-1002 | Chinese state-sponsored (Anthropic designation); MITRE ATT&CK Campaign C0062 | Anthropic disrupted what it calls the first reported AI-orchestrated cyber-espionage campaign: the actor manipulated Claude Code (via a "defensive security firm" roleplay jailbreak and task decomposition) into running a largely autonomous intrusion against ~30 global targets (major tech, financial, chemical, government), succeeding in a small number. AI performed an estimated 80–90% of tactical work — reconnaissance, exploit research/writing, credential harvesting, lateral movement, and data triage/exfiltration — with only 4–6 human decision points per campaign. [Anthropic](https://www.anthropic.com/news/disrupting-AI-espionage) | **LLM-orchestrated operations** TA0002 - Execution (full kill-chain)
**LLM-informed reconnaissance** T1595 - Active Scanning
**LLM-assisted vulnerability research** T1588.006 - Obtain Capabilities: Vulnerabilities
**LLM-aided development** T1587 - Develop Capabilities
**LLM-directed Automated Collection** T1567 - Exfiltration Over Web Service | [Anthropic – Disrupting the first reported AI-orchestrated cyber espionage campaign](https://www.anthropic.com/news/disrupting-AI-espionage) | | GTG-2002 | "vibe hacking" data-extortion actor (Anthropic) | Used Claude Code as an active operational agent across at least 17 organizations (healthcare, emergency services, government, religious) in roughly a month: automated reconnaissance, credential harvesting, and network penetration, then analyzed exfiltrated data to size ransom demands ($75K–$500K+ in BTC) and generated per-victim custom HTML ransom notes. First confirmed AI-run extortion operation. [Anthropic](https://www.anthropic.com/news/detecting-countering-misuse-aug-2025) | **LLM-orchestrated operations** TA0002 - Execution
**LLM-aided development** T1587.001 - Develop Capabilities: Malware
**LLM-enhanced extortion/negotiation** T1657 - Financial Theft
**LLM-directed Automated Collection** T1567 - Exfiltration Over Web Service | [Anthropic – Detecting and countering misuse of AI: August 2025](https://www.anthropic.com/news/detecting-countering-misuse-aug-2025) | | GTG-5004 | UnSub RaaS developer (Anthropic) | A low-skill criminal, apparently dependent on the model, used Claude to build, market, and sell a ransomware-as-a-service line (ChaCha20 encryption, anti-EDR, anti-recovery, Windows-internals exploitation), sold since ~January 2025 on Dread, CryptBB and Nulled at ~$400 (DLL/exe) / ~$800 (full RaaS kit with PHP console + C2) / ~$1,200 (FUD crypter). [Anthropic](https://www.anthropic.com/news/detecting-countering-misuse-aug-2025) | **LLM-aided development** T1587.001 - Develop Capabilities: Malware
**LLM-optimized payload crafting** T1027 - Obfuscated Files/Information (FUD crypter)
**LLM-enhanced anomaly detection evasion** T1562.001 - Impair Defenses (anti-EDR)
T1490 - Inhibit System Recovery | [Anthropic – Detecting and countering misuse of AI: August 2025](https://www.anthropic.com/news/detecting-countering-misuse-aug-2025) | | APT41 | Wicked Panda, BARIUM, Winnti, Double Dragon (PRC) | Through August 2025, GTIG observed APT41 using Gemini for C++/Golang code development on multiple tools — including a C2 framework the actor called OSSTUN — and for code-obfuscation help using public obfuscation libraries. [GTIG](https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools) | **LLM-aided development** T1587.001 - Develop Capabilities: Malware
**LLM-optimized payload crafting** T1027 - Obfuscated Files/Information
T1071 - Application Layer Protocol (C2 development) | [GTIG – AI Threat Tracker: Advances in Threat Actor Usage of AI Tools](https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools) | | APT42 | Charming Kitten, Mint Sandstorm, TA453, Yellow Garuda (Iran, IRGC) | Used Gemini's text generation/editing to craft phishing material impersonating think-tank staff and for translation/geopolitical research; notably attempted to build a "Data Processing Agent" converting natural-language requests into SQL queries to mine sensitive personal data. [GTIG](https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools) | **LLM-supported social engineering** T1566 - Phishing
**LLM-informed reconnaissance** T1591 - Gather Victim Org Information
**LLM-enhanced data manipulation** T1213 - Data from Information Repositories (NL-to-SQL agent) | [GTIG – AI Threat Tracker](https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools) | | TEMP.Zagros | MUDDYCOAST, MuddyWater, Mango Sandstorm, Static Kitten, Seedworm (Iran) | Used Gemini to research and support development of custom malware (a Python C2 server and web shells) — an evolution in the group's capability — using social-engineering pretexts (posing as a student on a final-year project or a paper author) to bypass Gemini's safety guardrails. [GTIG](https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools) | **LLM-aided development** T1587.001 - Develop Capabilities: Malware
T1505.003 - Server Software Component: Web Shell | [GTIG – AI Threat Tracker](https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools) | | UNC1069 | MASAN, CryptoCore (DPRK; BlueNoroff/Lazarus-adjacent) | Used Gemini for cryptocurrency research and reconnaissance on where victims' wallet application data is stored, generated multilingual lures, and attempted crypto-theft code. Separately used AI-generated deepfake images/video (including a deepfaked crypto-company CEO on a Zoom call) to lure victims into installing the BIGMACHO backdoor disguised as a Zoom SDK. [GTIG](https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools) (see also the deepfake table below) | **LLM-informed reconnaissance** T1593 - Search Open Websites/Domains
**LLM-supported social engineering** T1566 - Phishing
**LLM-aided development** T1587 - Develop Capabilities
**DeepFake for Impersonation** T1656 - Impersonation | [GTIG – AI Threat Tracker](https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools) · [GTIG – UNC1069](https://cloud.google.com/blog/topics/threat-intelligence/unc1069-targets-cryptocurrency-ai-social-engineering) | | UNC4899 | PUKCHONG (DPRK; supply-chain compromise, TraderTraitor/Lazarus cluster) | Used Gemini to develop code, research exploits (with a focus on edge devices and modern browsers), and improve tooling. [GTIG](https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools) | **LLM-assisted vulnerability research** T1588.006 - Obtain Capabilities: Vulnerabilities
**LLM-aided development** T1587.001 - Develop Capabilities: Malware
T1195 - Supply Chain Compromise | [GTIG – AI Threat Tracker](https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools) | | UNC2970 | DPRK; "Operation Dream Job" recruiter-impersonation cluster (Lazarus-adjacent) | Used Gemini to synthesize OSINT and profile high-value targets for campaign planning — searching information on major cybersecurity/defense firms and mapping specific technical job roles and salary data (consistent with fake-recruiter tradecraft). [GTIG](https://cloud.google.com/blog/topics/threat-intelligence/distillation-experimentation-integration-ai-adversarial-use) | **LLM-informed reconnaissance** T1591 - Gather Victim Org Information
T1589 - Gather Victim Identity Information
Supports T1566.003 - Spearphishing via Service | [GTIG – Distillation, Experimentation, and Integration of AI for Adversarial Use](https://cloud.google.com/blog/topics/threat-intelligence/distillation-experimentation-integration-ai-adversarial-use) | | APT31 | Zirconium, Judgment Panda, Violet Typhoon (PRC) | Prompted Gemini with an expert-cybersecurity persona to automate vulnerability analysis and generate targeted testing plans — in one case trialing Hexstrike MCP tooling and directing the model to analyze RCE, WAF-bypass, and SQL-injection results against specific US targets. [GTIG](https://cloud.google.com/blog/topics/threat-intelligence/distillation-experimentation-integration-ai-adversarial-use) | **LLM-assisted vulnerability research** T1595 - Active Scanning
T1587.004 - Develop Capabilities: Exploits
Agentic/MCP-assisted offensive testing | [GTIG – Distillation, Experimentation…](https://cloud.google.com/blog/topics/threat-intelligence/distillation-experimentation-integration-ai-adversarial-use) | | Temp.HEX | PRC (Mustang Panda / TA416 reporting overlap) | Misused Gemini and other AI tools to compile detailed dossiers on specific individuals (including targets in Pakistan) and collect operational and structural data on separatist organizations in multiple countries. [GTIG](https://cloud.google.com/blog/topics/threat-intelligence/distillation-experimentation-integration-ai-adversarial-use) | **LLM-informed reconnaissance** T1591 - Gather Victim Org Information
T1589 - Gather Victim Identity Information | [GTIG – Distillation, Experimentation…](https://cloud.google.com/blog/topics/threat-intelligence/distillation-experimentation-integration-ai-adversarial-use) | | UNC795 | PRC (GTIG designator) | Relied heavily on Gemini across the full attack lifecycle — engaging multiple days a week to troubleshoot code, research, and generate technical capabilities for intrusion activity, including interest in AI-integrated (agentic) code-auditing. [GTIG](https://cloud.google.com/blog/topics/threat-intelligence/distillation-experimentation-integration-ai-adversarial-use) | **LLM-aided development** T1587.001 - Develop Capabilities: Malware
**LLM-enhanced scripting techniques** T1059 - Command and Scripting Interpreter | [GTIG – Distillation, Experimentation…](https://cloud.google.com/blog/topics/threat-intelligence/distillation-experimentation-integration-ai-adversarial-use) | | UNC6418 | UnSub (GTIG; targets Ukraine/defense) | Misused Gemini for targeted intelligence gathering — hunting sensitive account credentials and email addresses — after which GTIG observed those same accounts hit in a phishing campaign against Ukraine and the defense sector. [GTIG](https://cloud.google.com/blog/topics/threat-intelligence/distillation-experimentation-integration-ai-adversarial-use) | **LLM-informed reconnaissance** T1589 - Gather Victim Identity Information
**LLM-supported social engineering** T1566 - Phishing | [GTIG – Distillation, Experimentation…](https://cloud.google.com/blog/topics/threat-intelligence/distillation-experimentation-integration-ai-adversarial-use) | | UnSub (China-nexus, CTF-pretext) — GTIG | UnSub | Misused Gemini to craft lures, build infrastructure, and develop data-exfiltration tooling; when refused, reframed prompts as a "capture-the-flag (CTF) exercise" to defeat guardrails, then applied the pretext to advance phishing, exploitation, and web-shell development. [GTIG](https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools) | **LLM-supported social engineering** T1566 - Phishing
T1505.003 - Server Software Component: Web Shell | [GTIG – AI Threat Tracker](https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools) | | UnSub (China-nexus, cloud intrusion) — GTIG | UnSub | Suspected China-nexus actor leveraged Gemini across intrusion stages — reconnaissance, phishing/payload-delivery research, lateral movement, in-victim C2 support, and data-exfiltration help — including on unfamiliar surfaces (AWS, vSphere, Kubernetes). [GTIG](https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools) | **LLM-informed reconnaissance** T1590 - Gather Victim Network Information
T1021 - Remote Services (lateral movement)
T1071 - Application Layer Protocol (C2)
T1567 - Exfiltration Over Web Service | [GTIG – AI Threat Tracker](https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools) | | UNC5356 | Financially motivated (GTIG); COINBAIT phishing kit | Built the COINBAIT phishing kit using the AI app-builder platform Lovable AI (evidenced by the lovableSupabase client and lovable.app image hosting in samples). [GTIG](https://cloud.google.com/blog/topics/threat-intelligence/distillation-experimentation-integration-ai-adversarial-use) | **AI-generated attack infrastructure (app-builder abuse)** T1583.001 - Acquire Infrastructure / T1608 - Stage Capabilities
**LLM-supported social engineering** T1566 - Phishing | [GTIG – Distillation, Experimentation…](https://cloud.google.com/blog/topics/threat-intelligence/distillation-experimentation-integration-ai-adversarial-use) | | Multiple UnSub — OpenAI (Oct 2025) | RU-, KR-, CN-language clusters | OpenAI disrupted accounts where (a) Russian-language actors refined malware including RATs and credential stealers plus evasion; (b) Korean-language operators developed C2 systems; and (c) alleged China-linked actors crafted phishing and debugged malware targeting Taiwan's semiconductor sector, US academia and political groups. OpenAI's framing: actors "bolt AI onto old playbooks," gaining no novel capability. [OpenAI](https://openai.com/global-affairs/disrupting-malicious-uses-of-ai-october-2025/) | **LLM-aided development** T1587.001 - Develop Capabilities: Malware
T1071 - Application Layer Protocol (C2 development)
**LLM-supported social engineering** T1566 - Phishing
**LLM-enhanced scripting techniques** T1059 - Command and Scripting Interpreter | [OpenAI – Disrupting malicious uses of AI: October 2025](https://openai.com/global-affairs/disrupting-malicious-uses-of-ai-october-2025/) | | UnSub carding operator — Anthropic | UnSub | Used Claude to build out a carding (stolen-payment-card) service, developing advanced API-integration and operational-resilience mechanisms for the criminal service. [Anthropic](https://www-cdn.anthropic.com/b2a76c6f6992465c09a6f2fce282f6c0cea8c200.pdf) | **LLM-advised resource development** T1587 - Develop Capabilities
T1102 - Web Service (API integration) | [Anthropic – Threat Intelligence Report: August 2025 (PDF)](https://www-cdn.anthropic.com/b2a76c6f6992465c09a6f2fce282f6c0cea8c200.pdf) | | RevengeHotels | TA558 (Kaspersky) | Summer-2025 campaigns against Brazilian and Spanish-speaking hotels in which a significant portion of the initial-infector and downloader code appears LLM-generated (clean structure, placeholder variables, verbose per-action comments), delivering VenomRAT (HVNC, stealer, reverse proxy, UAC bypass). *Analyst note: LLM authorship inferred from code style, not captured model logs.* [Kaspersky](https://securelist.com/revengehotels-attacks-with-ai-and-venomrat-across-latin-america/117493/) | **LLM-enhanced scripting techniques** T1059 - Command and Scripting Interpreter
**LLM-aided development** T1587.001 - Develop Capabilities: Malware
T1566.001 - Spearphishing Attachment | [Kaspersky/Securelist – RevengeHotels with AI and VenomRAT](https://securelist.com/revengehotels-attacks-with-ai-and-venomrat-across-latin-america/117493/) | | Armored Likho | Eagle Werewolf (Kaspersky) | Spear-phishing espionage against government and electric-power targets in Russia, Kazakhstan and Brazil; loader source shows verbose comments, bullet-point emoji, and redundant blocks that Kaspersky attributes to LLM generation, deploying the new Python BusySnake Stealer (PyArmor-obfuscated; credential/cookie theft, reverse SSH). *Analyst note: LLM authorship inferred from code style.* [Kaspersky](https://securelist.com/armored-likho-apt-with-busysnake-stealer/120292/) | **LLM-aided development** T1587.001 - Develop Capabilities: Malware
T1566.001 - Spearphishing Attachment
T1027 - Obfuscated Files/Information | [Kaspersky/Securelist – Armored Likho's BusySnake Stealer](https://securelist.com/armored-likho-apt-with-busysnake-stealer/120292/) | | Global Group | RaaS (SentinelLABS) | From mid-2025 advertised an "AI-Assisted Chat" negotiation feature to affiliates that analyzes victim-company data (revenue, public behavior) to tailor extortion communications and pressure victims — AI operationalized in the extortion/negotiation phase. [SentinelLABS](https://www.sentinelone.com/labs/llms-ransomware-an-operational-accelerator-not-a-revolution/) | **LLM-enhanced extortion/negotiation** T1657 - Financial Theft
**LLM-informed reconnaissance** T1591 - Gather Victim Org Information | [SentinelLABS – LLMs & Ransomware: An Operational Accelerator](https://www.sentinelone.com/labs/llms-ransomware-an-operational-accelerator-not-a-revolution/) | | Multiple UnSub — CrowdStrike | UnSub (eCrime) | CrowdStrike's 2026 Global Threat Report: adversaries exploited legitimate GenAI tools at 90+ organizations by injecting malicious prompts to generate commands used to steal credentials and cryptocurrency (no named actor). CrowdStrike also reports ChatGPT referenced in criminal forums 550% more than any other model, and an 89% YoY rise in AI-enabled operations. *Bias note: vendor sells EDR/identity products.* [CrowdStrike](https://www.crowdstrike.com/en-us/blog/crowdstrike-2026-global-threat-report-findings/) | **LLM-enhanced scripting techniques** T1059 - Command and Scripting Interpreter
T1555 - Credentials from Password Stores
T1657 - Financial Theft | [CrowdStrike – 2026 Global Threat Report](https://www.crowdstrike.com/en-us/blog/crowdstrike-2026-global-threat-report-findings/) | | Multiple UnSub — Proofpoint | UnSub (multiple operators) | Cybercriminals abused Lovable (an AI site-builder) to mass-produce credential-phishing pages (Microsoft/bank spoofs behind CAPTCHA), fraud sites funneling to Telegram, crypto-wallet-draining DeFi clones, and redirectors delivering zgRAT/DOILoader — tens of thousands of malicious Lovable URLs per month since February 2025, affecting 5,000+ organizations. *Bias note: vendor sells email/URL security.* [Proofpoint](https://www.proofpoint.com/us/blog/threat-insight/cybercriminals-abuse-ai-website-creation-app-phishing) | **AI-generated attack infrastructure (app-builder abuse)** T1583.001 - Acquire Infrastructure / T1608 - Stage Capabilities
**LLM-supported social engineering** T1566 - Phishing
T1657 - Financial Theft | [Proofpoint – Cybercriminals Abuse AI Website Creation App For Phishing](https://www.proofpoint.com/us/blog/threat-insight/cybercriminals-abuse-ai-website-creation-app-phishing) | | Coral Sleet | Storm-1877 (DPRK) | Microsoft observed rapid capability growth via AI-assisted iterative development — using AI coding tools to generate, refine and reimplement malware components, agentic AI for an end-to-end lure-development workflow, and jailbroken LLM software to generate malicious code. [Microsoft](https://www.microsoft.com/en-us/security/blog/2026/03/06/ai-as-tradecraft-how-threat-actors-operationalize-ai/) | **LLM-aided development** T1587.001 - Develop Capabilities: Malware
**LLM-supported social engineering** T1566 - Phishing (agentic lure development) | [Microsoft – AI as tradecraft: How threat actors operationalize AI](https://www.microsoft.com/en-us/security/blog/2026/03/06/ai-as-tradecraft-how-threat-actors-operationalize-ai/) | | Sapphire Sleet | DPRK (crypto-theft / fake-recruiter cluster) | Develops fake digital personas using AI to support social-engineering campaigns targeting employment/recruitment opportunities. [Microsoft](https://www.microsoft.com/en-us/security/blog/2026/03/06/ai-as-tradecraft-how-threat-actors-operationalize-ai/) | **LLM-supported social engineering** T1585 - Establish Accounts (AI personas)
T1566.003 - Spearphishing via Service | [Microsoft – AI as tradecraft](https://www.microsoft.com/en-us/security/blog/2026/03/06/ai-as-tradecraft-how-threat-actors-operationalize-ai/) | | QUIETVAULT | UnSub (GTIG); JS credential stealer | A credential/token stealer (GitHub/npm tokens) that, beyond its primary targets, invokes AI prompts and on-host installed AI CLI tools to search the infected system for additional secrets, then exfiltrates via attacker-created public GitHub repos. Novel abuse of the victim's own AI tooling. [GTIG](https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools) | **LL Models used for backdoor deployment** (on-host AI abused for collection) T1552 - Unsecured Credentials
T1119 - Automated Collection
T1567 - Exfiltration Over Web Service | [GTIG – AI Threat Tracker](https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools) | | PROMPTFLUX | UnSub (GTIG; likely financially motivated) | Experimental VBScript dropper with a "Thinking Robot" module that calls the Gemini API at runtime to request VBScript obfuscation/evasion techniques for "just-in-time" self-modification, rewriting its own source into the Startup folder; spreads via removable drives and network shares. GTIG assesses it experimental and not yet observed deployed in operations. [GTIG](https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools) | **LLM-embedded malware (runtime generation)** T1027 - Obfuscated Files/Information
T1059.005 - Command and Scripting Interpreter: Visual Basic
T1547.001 - Registry Run Keys / Startup Folder | [GTIG – AI Threat Tracker](https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools) | | UnSub — Huntress (AI-generated AD recon) | UnSub | An unnamed actor deployed an AI-generated PowerShell script (self-labeled "100% Working AD Information Gathering Script - FULLY FIXED") to enumerate Active Directory, alongside s5cmd and SharpShares. [Huntress via The Hacker News](https://thehackernews.com/2026/07/attacker-uses-suspected-ai-generated.html) | **LLM-enhanced scripting techniques** T1059.001 - Command and Scripting Interpreter: PowerShell
T1087 - Account Discovery
T1069 - Permission Groups Discovery | [The Hacker News (reporting Huntress) – Attacker Uses Suspected AI-Generated PowerShell to Map AD](https://thehackernews.com/2026/07/attacker-uses-suspected-ai-generated.html) | | | | | | | ## Appendix A: LLM-themed TTPs **LLM-informed reconnaissance:** Employing LLMs to gather actionable intelligence on technologies and potential vulnerabilities. (CREDIT: Microsoft) **LLM-enhanced scripting techniques:** Utilizing LLMs to generate or refine scripts that could be used in cyberattacks, or for basic scripting tasks such as programmatically identifying certain user events on a system and assistance with troubleshooting and understanding various web technologies.(CREDIT: Microsoft) **LLM-aided development:** Utilizing LLMs in the development lifecycle of tools and programs, including those with malicious intent, such as malware.(CREDIT: Microsoft) **LLM-supported social engineering:** Leveraging LLMs for assistance with translations and communication, likely to establish connections or manipulate targets.(CREDIT: Microsoft) **LLM-assisted vulnerability research:** Using LLMs to understand and identify potential vulnerabilities in software and systems, which could be targeted for exploitation.(CREDIT: Microsoft) **LLM-optimized payload crafting:** Using LLMs to assist in creating and refining payloads for deployment in cyberattacks.(CREDIT: Microsoft) **LLM-enhanced anomaly detection evasion:** Leveraging LLMs to develop methods that help malicious activities blend in with normal behavior or traffic to evade detection systems.(CREDIT: Microsoft) **LLM-directed security feature bypass:** Using LLMs to find ways to circumvent security features, such as two-factor authentication, CAPTCHA, or other access controls.(CREDIT: Microsoft) **LLM-advised resource development:** Using LLMs in tool development, tool modifications, and strategic operational planning.(CREDIT: Microsoft) **Lookalike LLM:** Using LLMs to appear to be another legitimate LLM tool such as a chatbot. Similar to look-alike domain activity. (CREDIT: Rachel James based on Kaspersky report) **LL Models used for backdoor deployment:** The model’s payload grants the attacker a shell on the compromised machine, enabling them to gain full control over victims’ machines through what is commonly referred to as a “backdoor” (CREDIT: Rachel James based on JFrog report) **DeepFake for Impersonation:** Where generative AI is used to make audio, video or photographic media used to impersonate individuals (CREDIT: Rachel James based on various reports) **LLM-directed Automated Collection**: Once established within a system or network, an adversary may use automated techniques for collecting internal data. Using LLMs the may train the model to search and copy for information fitting specific criteria. (CREDIT: Rachel James based on GXC Team activity) **LLM-enhanced data manipulation**: Adversaries may insert, delete, or manipulate data in order to influence external outcomes or hide activity, thus threatening the integrity of the data. By using LLMs to manipulate data, adversaries may attempt to affect a business process, organizational understanding, or decision making at large scales. (CREDIT: Rachel James based on GXC Team activity) **LLM-orchestrated operations (Agentic AI attack orchestration):** Where a threat actor delegates multi-stage execution of the intrusion lifecycle to an agentic LLM or AI coding tool (e.g., Claude Code), with the AI performing the majority of tactical actions under minimal human direction. Maps broadly across TA0002 Execution and multiple tactics. (CREDIT: Rachel James based on Anthropic GTG-1002 and GTG-2002 reports) **LLM-embedded malware (runtime command/code generation):** Malware that calls an LLM API at runtime to generate the commands, scripts, or obfuscation it executes, rather than hard-coding them. Maps to T1059 Command and Scripting Interpreter. (CREDIT: Rachel James based on GTIG reporting on PROMPTSTEAL/LameHug, PROMPTFLUX, and QUIETVAULT) **LLM-enhanced extortion/negotiation:** Using an LLM to analyze victim data and tailor ransom demands or extortion/negotiation communications for pressure. Maps to T1657 Financial Theft. (CREDIT: Rachel James based on Anthropic GTG-2002 ransom-note generation and SentinelLABS Global Group "AI-Assisted Chat") **AI-generated attack infrastructure (app-builder abuse):** Using generative-AI app or website builders (e.g., Lovable, Replit) to rapidly produce phishing or fraud infrastructure at scale. Maps to T1583.001 Acquire Infrastructure / T1608 Stage Capabilities. (CREDIT: Rachel James based on Proofpoint and GTIG reporting; extends the Bitter APT/Replit precedent) # !!! still under construction !!! ## Deepfake categories **DeepFake for Impersonation:** Where generative AI is used to make audio, video or photographic media used to impersonate individuals (CREDIT: Rachel James based on various reports) - Financial Fraud - Employment/Hiring fraud - Blackmail / Extorsion - deepfake porn **DeepFake for Synthetic Identity:** Where generative AI is used to make audio, video or photographic media used to impersonate individuals (CREDIT: Rachel James based on various reports)
**DeepFake for Influence Operations:** Where generative AI is used to make audio, video or photographic media used to impersonate individuals for the purposes of political or social influence campaigns, typically associated with an objective to distribute mis/dis/mal information. (CREDIT: Rachel James based on various reports) | Year and Month | Name of Actor (if known) | Victim | Brief | TTP | Link | | -------------- | ------------------------ | ------------------ | ------------------------------------------------------------ | ------------------------------------------------------------ | ------------------------------------------------------------ | | 2022 June | Multiple UnSubs | unknown (multiple) | Complaints report the use of voice spoofing, or potentially voice deepfakes, during online interviews of the potential applicants. In these interviews, the actions and lip movement of the person seen interviewed on-camera do not completely coordinate with the audio of the person speaking. At times, actions such as coughing, sneezing, or other auditory actions are not aligned with what is presented visually. | **DeepFake for Impersonation**
Employment/Hiring fraud | [Internet Crime Complaint Center IC3]( https://www.ic3.gov/Media/Y2022/PSA220628) | | 2023 August | Multiple UnSubs | unknown (multiple) | Hong Kong police have arrested six people over the use of deepfake technology to take out loans in other people’s names...In this context, police had uncovered a local fraud syndicate that used eight stolen Hong Kong identity cards – all of which had already been reported as lost – to make 90 loan applications and 54 bank account registrations between last September and July, he said...Deepfake methods were used in at least 20 instances to imitate those pictured in the identity cards and trick facial recognition programmes, Ko added. | **DeepFake for Impersonation**
Financial fraud | [Hong Kong Free Press](https://hongkongfp.com/2023/08/25/in-first-hong-kong-police-arrest-6-over-finance-scams-involving-deepfake-technology/) | | 2023 August | Unsub | Unknown | It comes after police said they received a report from a man who said scammers attempted to trick him by swapping his face onto a pornographic video before trying to blackmail him. | **DeepFake for Impersonation**
Blackmail /extorsion (sextorsion with deepfake porn) | [Hong Kong Free Press](https://hongkongfp.com/2023/08/25/in-first-hong-kong-police-arrest-6-over-finance-scams-involving-deepfake-technology/) | | 2023 August | APT43 | Unknwon | Since 2019, Mandiant has identified numerous instances of information operations leveraging GANs, typically for use in profile photos of inauthentic personas, including by actors aligned with nation-states including Russia, the People's Republic of China (PRC), Iran, Ethiopia, Indonesia, Cuba, Argentina, Mexico, Ecuador, and El Salvador, along with non-state actors such as individuals on the 4chan forum. We judge that the publicly available nature of GAN-generated image tools such as the website thispersondoesnotexist.com has likely contributed to their frequent usage in information operations (Figure 2). Actors have also taken steps to obfuscate the AI-generated origin of their profile photos through tactics like adding filters or retouching facial features. | **DeepFake for Synthetic Identity** | [Mandiant - Threat Actors are Interested in Generative AI, but Use Remains Limited](https://www.mandiant.com/resources/blog/threat-actors-generative-ai-limited)| | 2023 August | DragonBridge | United States leaders | In March 2023, DRAGONBRIDGE leveraged several AI-generated images in order to support narratives negatively portraying U.S. leaders. One such image used by DRAGONBRIDGE was originally produced by the journalist Eliot Higgins, who stated in a tweet that he used Midjourney to generate the images, suggesting that he did so to demonstrate the tool’s potential uses. | **DeepFake for Influence Operations** | [Mandiant - Threat Actors are Interested in Generative AI, but Use Remains Limited](https://www.mandiant.com/resources/blog/threat-actors-generative-ai-limited)| | 2023 May | DragonBridge | Bloomberg | In May 2023, U.S. stock market prices briefly dropped after Twitter accounts, including the Russian state media outlet, RT, and the verified account, @BloombergFeed, which posed as an account associated with the Bloomberg Media Group, shared an AI-generated image depicting an alleged explosion near the Pentagon. | **DeepFake for Influence Operations** | [Mandiant - Threat Actors are Interested in Generative AI, but Use Remains Limited](https://www.mandiant.com/resources/blog/threat-actors-generative-ai-limited)| | 2022 March | unknown | Ukraine | In March 2022, following the Russian invasion of Ukraine, an information operation promoted a fabricated message alleging Ukraine's capitulation to Russia through various means, including via a deepfake video of Ukrainian President Volodymyr Zelensky | **DeepFake for Influence Operations** | [Mandiant - Threat Actors are Interested in Generative AI, but Use Remains Limited](https://www.mandiant.com/resources/blog/threat-actors-generative-ai-limited)| | 2025 November | UNC1069 (MASAN) | Cryptocurrency-sector individuals | A victim reported that during a call they were shown a deepfake video of a CEO from another cryptocurrency company, used to lure them into installing the BIGMACHO backdoor (disguised as a Zoom SDK). | **DeepFake for Impersonation**
Financial fraud (crypto) | [GTIG - AI Threat Tracker](https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools) | | 2025 Aug–2026 | DPRK IT-worker operation | US Fortune 500 / global employers | DPRK operatives use AI-generated résumés/personas, AI profile photos, and real-time deepfake video to pass job interviews, and Claude to pass coding assessments and perform the work while fraudulently employed, funneling wages to the regime. CrowdStrike (FAMOUS CHOLLIMA) tracked 320+ infiltrated firms (+220% YoY); Microsoft names Jasper Sleet using the Faceswap app to insert workers' faces into stolen IDs; Anthropic confirmed Claude-enabled employment fraud; Amazon reported blocking 1,800+ suspected operatives in 2025. | **DeepFake for Impersonation**
Employment/Hiring fraud
**DeepFake for Synthetic Identity** | [Anthropic](https://www.anthropic.com/news/detecting-countering-misuse-aug-2025) · [Microsoft](https://www.microsoft.com/en-us/security/blog/2026/03/06/ai-as-tradecraft-how-threat-actors-operationalize-ai/) · [CrowdStrike](https://www.crowdstrike.com/en-us/blog/crowdstrike-2025-threat-hunting-report-ai-weapon-target/) · [Unit 42](https://unit42.paloaltonetworks.com/north-korean-synthetic-identity-creation/) | | 2025 December | Multiple UnSub — FBI/IC3 | US officials & their contacts | FBI PSA: actors sent AI-generated voice messages (vishing) plus smishing impersonating senior US officials (White House, Cabinet, Congress, state) to build rapport and phish targets onto attacker-controlled platforms. | **DeepFake for Impersonation**
Financial/credential fraud | [FBI/IC3 PSA251219](https://www.ic3.gov/PSA/2025/PSA251219) | | 2025 August | UnSub — Anthropic | Romance/confidence-scam victims (multiple) | Operator ran a Telegram-based scam-assistance bot powered by Claude — generating high-EQ replies, producing/enhancing images for fake profiles, emotional-manipulation scripts, and multi-language support to widen targeting. | **DeepFake for Impersonation**
(GenAI image + text; romance fraud) | [Anthropic](https://www.anthropic.com/news/detecting-countering-misuse-aug-2025) | **Sources for the above lists** **Threat Actors** *2024 Reports* | **Month** | **Org** | **Link** | | --------- | ------------------------------- | ------------------------------------------------------------ | | Janurary | National Cyber Security Centre | [The near-term impact of AI on the cyber threat](https://www.ncsc.gov.uk/report/impact-of-ai-on-cyber-threat#section_5) - *Analyst note: one of the most sensible and non-sensationalist works out there on the topic* | | Feburary | Microsoft | [Staying ahead of threat actors in the age of AI](https://www.microsoft.com/en-us/security/blog/2024/02/14/staying-ahead-of-threat-actors-in-the-age-of-ai/) | | Feburary | Microsoft | [Cyber Signals Issue 6](https://www.microsoft.com/en-us/security/blog/2024/02/14/staying-ahead-of-threat-actors-in-the-age-of-ai/](https:/www.microsoft.com/en-us/security/business/security-insider/wp-content/uploads/2024/02/cyber-signals-issue-6.pdf)) | | Feburary | OpenAI | [Disrupting malicious uses of AI by state-affiliated threat actors](https://openai.com/blog/disrupting-malicious-uses-of-ai-by-state-affiliated-threat-actors) | | Feburary | JFrog | [Malicious AI models on Hugging Face backdoor users’ machines](https://jfrog.com/blog/data-scientists-targeted-by-malicious-hugging-face-ml-models-with-silent-backdoor/) | | March | Tripwire | [Cybersecurity in the Age of AI: Exploring AI-Generated Cyber Attacks](https://www.tripwire.com/state-of-security/cybersecurity-age-ai-exploring-ai-generated-cyber-attacks) | | March | Kaspersky | [Spam and phishing in 2023](https://securelist.com/spam-phishing-report-2023/112015/) | *2023 Reports* | **Month** | **Org** | **Link** | | --------- | ---------- | ------------------------------------------------------------ | | June | FBI / IC3 | [Malicious Actors Manipulating Photos and Videos to Create Explicit Content and Sextortion Schemes](https://www.ic3.gov/Media/Y2023/PSA230605) | | July | SlashNext | [WormGPT – The Generative AI Tool Cybercriminals Are Using to Launch Business Email Compromise Attacks](https://slashnext.com/blog/wormgpt-the-generative-ai-tool-cybercriminals-are-using-to-launch-business-email-compromise-attacks/) | | November | SlashNext | [AI tools such as ChatGPT are generating a mammoth increase in malicious phishing emails](https://www.cnbc.com/2023/11/28/ai-like-chatgpt-is-creating-huge-increase-in-malicious-phishing-email.html) | | August | Mandiant | [Threat Actors are Interested in Generative AI, but Use Remains Limited](https://www.mandiant.com/resources/blog/threat-actors-generative-ai-limited) |
标签:DLL 劫持, Ruby, 人工智能, 大语言模型, 威胁情报, 开发者工具, 用户模式Hook绕过, 知识库, 网络安全研究, 防御加固